manualshive.com logo in svg

Cisco Small Business 300 1.1 Series, Руководство администратора

Поделиться
Скачать
Cisco Small Business 300 1.1 Series Скачать руководство пользователя страница 601

Quality of Service (QoS) Commands

78-20269-01 Command Line Interface Reference Guide

603

41

 

41.45 security-suite dos syn-attack

Use the security-suite dos syn-attack Interface Configuration mode command to 
rate limit Denial of Service (DoS) SYN attacks. This provides partial blocking of of 
SNY packets (up to the rate that the user specifies).

Use the no form of this command to disable rate limiting.

Syntax

security-suite dos syn-attack 

syn-rate

 {

any | ip-address

 } {

mask

 | /

prefix-length

}

no security-suite dos syn-attack {

any | ip-address

} {

mask

 | /

prefix-length

}

Parameters

syn-rate—Specifies the maximum number of connections per second. 
(Range: 199–1000)

any | ip-address—Specifies the destination IP address. Use any to specify 
all IP addresses.

mask—Specifies the network mask of the destination IP address.

prefix-length—Specifies the number of bits that comprise the destination IP 
address prefix. The prefix length must be preceded by a forward slash (/).

Default Configuration

No rate limit is configured.

If ip-address is unspecified, the default is 255.255.255.255

If prefix-length is unspecified, the default is 32.

Command Mode

Interface Configuration (Ethernet, Port-channel) mode

User Guidelines

For this command to work, 

security-suite enable

 must be enabled both globally 

and for interfaces.

This command rate limits ingress TCP packets with "SYN=1", "ACK=0" and "FIN=0" 
for the specified destination IP addresses.

SYN attack rate limiting is implemented after the security suite rules are applied to 
the packets. The ACL and QoS rules are not applied to those packets.

Содержание Small Business 300 1.1 Series

Страница 1: ...Cisco Small Business 300 1 1 Series Managed Switch Administration Guide CLI GUIDE ...

Страница 2: ... privilege 44 do 45 banner login 46 login banner 48 show banner 49 3 Macro Commands 50 macro name 50 macro apply 53 macro description 55 macro global 57 macro global description 58 show parser macro 59 4 RSA and Certificate Commands 62 crypto key generate dsa 62 crypto key generate rsa 62 show crypto key mypubkey 63 crypto certificate generate 64 crypto certificate request 66 crypto certificate im...

Страница 3: ... 96 show cpu input rate 96 6 Clock Commands 98 clock set 98 clock source 98 clock timezone 99 clock summer time 100 clock dhcp timezone 102 sntp authentication key 103 sntp authenticate 104 sntp trusted key 105 sntp broadcast client enable 106 sntp unicast client enable 107 sntp server 107 show clock 110 show sntp configuration 111 show sntp status 113 7 Configuration and Image File Commands 115 c...

Страница 4: ...ver community 145 snmp server view 148 snmp server group 149 snmp server user 151 snmp server filter 153 snmp server host 154 snmp server engineID remote 156 snmp server enable traps 157 snmp server trap authentication 158 snmp server contact 159 snmp server location 159 snmp server set 160 show snmp 161 show snmp engineID 162 show snmp views 163 show snmp groups 164 show snmp filters 165 show snm...

Страница 5: ...methods 192 password 194 enable password 195 username 196 show user accounts 197 passwords complexity enable 198 passwords complexity attributes 200 passwords aging 202 show passwords configuration 203 16 Remote Authentication Dial In User Service RADIUS Commands 205 radius server host 205 radius server key 207 radius server retransmit 208 radius server source ip 209 radius server source ipv6 210 ...

Страница 6: ...39 show rmon alarm table 241 show rmon alarm 242 rmon event 244 show rmon events 245 show rmon log 246 rmon table size 247 20 802 1x Commands 249 aaa authentication dot1x 249 dot1x system auth control 250 dot1x port control 250 dot1x reauthentication 252 dot1x timeout reauth period 252 dot1x timeout quiet period 253 dot1x timeout tx period 254 dot1x max req 255 dot1x timeout supp timeout 256 dot1x...

Страница 7: ...cast level kbps 291 storm control broadcast level 291 storm control include multicast 293 show storm control 293 22 PHY Diagnostics Commands 295 show cable diagnostics cable length 295 show fiber ports optical transceiver 295 23 Power over Ethernet PoE Commands 298 power inline 298 power inline priority 298 power inline usage threshold 299 power inline traps enable 300 power inline limit 300 power...

Страница 8: ... ipv6 forbidden ip address 336 bridge multicast ipv6 source group 337 bridge multicast ipv6 forbidden source group 338 bridge multicast unregistered 340 bridge multicast forward all 341 bridge multicast forbidden forward all 342 mac address table static 343 clear mac address table 344 mac address table aging time 344 port security 345 port security mode 346 port security max 347 show mac address t...

Страница 9: ... tree mst cost 379 spanning tree mst configuration 380 instance MST 381 name MST 382 revision MST 382 show MST 383 exit MST 384 abort MST 384 show spanning tree 385 show spanning tree bpdu 401 30 Virtual Local Area Network VLAN Commands 403 vlan database 403 vlan 403 show vlan 404 default vlan vlan 406 show default vlan membership 407 interface vlan 408 interface range vlan 409 name 410 switchport...

Страница 10: ...rier version 442 ip igmp robustness 442 ip igmp query interval 443 ip igmp query max response time 444 ip igmp last member query count 445 ip igmp last member query interval 446 ip igmp snooping vlan immediate leave 446 show ip igmp snooping mrouter 447 show ip igmp snooping interface 448 show ip igmp snooping groups 449 32 IPv6 MLD Snooping Commands 451 ipv6 mld snooping Global 451 ipv6 mld snoop...

Страница 11: ...Addressing Commands 478 ip address 478 ip address dhcp 479 renew dhcp 481 ip default gateway 482 show ip interface 482 arp 483 arp timeout Global 484 ip arp proxy disable 485 ip proxy arp 486 clear arp cache 486 show arp 487 show arp configuration 488 interface ip 489 ip helper address 490 show ip helper address 491 ip domain name 492 ip name server 493 ip host 494 clear host 495 clear host dhcp 4...

Страница 12: ...show ipv6 tunnel 522 38 DHCP Relay Commands 524 ip dhcp relay enable Global 524 ip dhcp relay enable Interface 524 ip dhcp relay address 525 show ip dhcp relay 526 39 IP Routing Protocol Independent Commands 529 ip route 529 show ip route 530 40 ACL Commands 533 ip access list 533 permit IP 534 deny IP 536 ipv6 access list 539 permit IPv6 540 deny IPv6 542 mac access list 544 permit MAC 545 deny M...

Страница 13: ...et 579 rate limit VLAN 580 qos wrr queue wrtd 581 show qos wrr queue wrtd 582 show qos interface 583 wrr queue 585 qos wrr queue threshold 586 qos map policed dscp 587 qos map dscp queue 588 qos map dscp dp 589 qos trust Global 590 qos trust Interface 591 qos cos 592 qos dscp mutation 592 qos map dscp mutation 593 show qos map 594 clear qos statistics 595 qos statistics policer 596 qos statistics ...

Страница 14: ...unk refresh 631 macro auto resume 632 macro auto persistent 633 macro auto smartport type 634 macro auto processing cdp 636 macro auto processing lldp 637 macro auto processing type 638 macro auto user smartport macro 639 macro auto built in parameters 640 show macro auto processing 641 show macro auto smart macros 642 show macro auto ports 643 smartport switchport trunk allowed vlan 645 smartport...

Страница 15: ...ocal tlvs overloading 670 show lldp local 671 show lldp statistics 673 show lldp neighbors 674 45 CDP Commands 681 cdp run 681 cdp enable 682 cdp pdu 682 cdp advertise v2 683 cdp appliance tlv enable 684 cdp mandatory tlvs validation 685 cdp source interface 686 cdp log mismatch duplex 686 cdp log mismatch voip 687 cdp log mismatch native 688 cdp device id format 689 cdp timer 689 cdp holdtime 690...

Страница 16: ...own unique console prompt and set of CLI commands Entering a question mark at the console prompt displays a list of available commands for the current mode and for the level of the user Specific commands are used to switch from one mode to another User EXEC Mode Users with level 1 initially log into User EXEC mode User EXEC mode is used for tasks that do not change the configuration such as perfor...

Страница 17: ...command level of 7 or 15 can access this mode To enter this mode from User EXEC mode follow these steps STEP 1 At the prompt enter the enable command and press Enter A password prompt is displayed STEP 2 Enter the password to go the next level and press Enter For security purposes each character in the password is replaced by The Privileged EXEC mode prompt consisting of the Switch host name follo...

Страница 18: ... Console config Use any of the following commands to return from Global Configuration mode to the Privileged EXEC mode exit end Ctrl Z The following example shows how to access Global Configuration mode and return to Privileged EXEC mode Interface or Line Configuration Modes Various submodes may be entered from Global Configuration mode These submodes enable performing commands on a group of inter...

Страница 19: ...e The vlan database Global Configuration mode command is used to enter the VLAN Database Interface Configuration mode Management Access List Contains commands used to define management access lists The management access list Global Configuration mode command is used to enter the Management Access List Configuration mode Port Channel Contains commands used to configure port channels for example ass...

Страница 20: ...cess the web GUI Level 15 Users with this level can run all commands Only users at this level can access the web GUI A system administrator user with level 15 can create passwords that allow a lower level user to temporarily become a higher level user For example the user may go from level 1 to level 7 level 1 to 15 or level 7 to level 15 The passwords for each level are set by an administrator us...

Страница 21: ...rds assigned to user level 7 and user level 15 must be configured on the external server and associated with the enable7 and enable15 user names respectively See the Authentication Authorization and Accounting AAA Commands chapter for details Console configure Console conf enable password level 7 level7 abc Console conf enable password level 15 level15 abc Console conf Console Console username joh...

Страница 22: ... using CLI commands The switch has a defined IP address Corresponding management access is granted There is an IP path such that the computer and the switch can reach each other Using HyperTerminal over the Console Interface NOTE When using HyperTerminal with Microsoft Windows 2000 ensure that Windows 2000 Service Pack 2 or later is installed on your computer The arrow keys will not function prope...

Страница 23: ...onnection Select an icon for the application then click OK STEP 4 Select a port to communicate with the switch Select COM1 or COM2 STEP 5 Set the serial port settings then click OK STEP 6 When the Command Line Interface appears enter admin at the User Name prompt and press Enter Figure 2 Command Line User Name Prompt The console prompt is displayed This prompt is where you enter CLI commands Figur...

Страница 24: ...network To establish a telnet session from the command prompt perform the following steps STEP 1 Click Start then select All Programs Accessories Command Prompt to open a command prompt Figure 4 Start All Programs Accessories Command Prompt STEP 2 At the prompt enter telnet 1 IP address of switch then press Enter Figure 5 Command Prompt STEP 3 The Command Line Interface will be displayed ...

Страница 25: ...nd to request help is There are two instances where help information can be displayed Keyword lookup The character is entered in place of a command A list of all valid commands and corresponding help messages are is displayed Partial keyword lookup If a command is incomplete and or the character is entered in place of a parameter the matched keyword or parameters for this command are displayed To ...

Страница 26: ...uration to the default value This Reference Guide provides a description of the negation effect for each CLI command Command Completion If the command entered is incomplete invalid or has missing or invalid parameters then the appropriate error message is displayed This assists in entering the correct command By pressing Tab after an incomplete command is entered the system will attempt to identif...

Страница 27: ...devices Fast Ethernet 10 100 bits This can be written as FastEthernet or fa Gigabit Ethernet ports 10 100 1000 bits This can be written either Gigabit Ethernet or gi or GE LAG Port Channel This can be written as either Port Channel or po VLAN This is written as VLAN Tunnel This is written as tunnel or tu Number of interface Number of port LAG tunnel or VLAN The syntax for this is port type port nu...

Страница 28: ... tunnel number vlan first vlan id last vlan id A sample of this command is shown in the example below Interface List A combination of interface types can be specified in the interface range command in the following format range list interface range range list interface range Up to five ranges can be included console configure console config interface GigabitEthernet 1 console config interface GE 1...

Страница 29: ...cribes the CLI shortcuts console configure cconsole config if interface range gi1 5 vlan 1 2 Keyboard Key Description Up arrow Recalls commands from the history buffer beginning with the most recent command Repeat the key sequence to recall successively older commands Down arrow Returns the most recent commands from the history buffer after recalling commands with the up arrow key Repeating the ke...

Страница 30: ...curly brackets indicate a selection of compulsory parameters separated the character One option must be selected For example flowcontrol auto on off means that for the flowcontrol command either auto on or off must be selected parameter Italic text indicates a parameter press key Names of keys to be pressed are shown in bold Ctrl F4 Keys separated by the character are to be pressed simultaneously ...

Страница 31: ...mmand performs a system reboot In Layer 2 mode the switch forwards packets as a VLAN aware bridge In Layer 3 mode the switch performs both IPv4 routing and VLAN aware bridging If Layer 2 mode is selected a single IP address is supported on the default VLAN The user also must configure a default gateway If Layer 3 mode is selected the user can manage the device on any IP interface configured on the...

Страница 32: ... privilege level Parameters privilege level Specifies the privilege level at which to enter the system Range 1 7 15 Default Configuration The default privilege level is 15 Command Mode EXEC mode Example The following example enters privilege level 7 Console enable 7 enter password Console Accepted The following example enters privilege level 15 Console enable enter password Console Accepted ...

Страница 33: ...privilege level to the specified privileged level If privilege level is left blank the level is reduce to 1 Default Configuration The default privilege level is 1 Command Mode Privileged EXEC mode Example The following example returns the user to user level 7 Console disable 7 Console 2 3 login The login EXEC mode command enables changing the user that is logged in When this command is logged in t...

Страница 34: ... username admin Console login User Name admin Password Console 2 4 configure The configure Privileged EXEC mode command enters the Global Configuration mode Syntax configure terminal Parameters terminal Enter the Global Configuration mode with or without the keyword terminal Command Mode Privileged EXEC mode Example The following example enters Global Configuration mode Console configure Console c...

Страница 35: ...rchy Syntax exit Parameters N A Default Configuration N A Command Mode All commands in configuration modes Examples The following examples change the configuration mode from Interface Configuration mode to Privileged EXEC mode Console config if exit Console config exit 2 6 exit EXEC The exit EXEC mode command closes an active terminal session by logging off the device Syntax exit Parameters N A ...

Страница 36: ... active terminal session Console exit 2 7 end The end command ends the current configuration session and returns to the Privileged EXEC mode Syntax end Parameters N A Default Configuration N A Command Mode All configuration modes Example The following example ends the Global Configuration mode session and returns to the Privileged EXEC mode Console config end Console ...

Страница 37: ...es the currently entered incomplete command the help list is empty This indicates that there is no command matching the input as it currently appears If the request is within a command press the Backspace key and erase the entered characters to a point where the request results in a match Help is provided when 1 There is a valid command and a help request is made for entering a parameter or argume...

Страница 38: ...ion mode User Guidelines This command enables saving user entered commands for a specified line You can return to previous lines by using the up or down arrows The following are related commands Use the terminal history size EXEC mode command to enable or disable this command for the current terminal session Use the history size Line Configuration mode command to set the number of commands that ar...

Страница 39: ...efault Configuration The default command history buffer size is 10 commands Command Mode Line Configuration mode User Guidelines This command configures the command history buffer size for a particular line Use the terminal history size EXEC mode command to configure the command history buffer size for the current terminal session The allocated command history buffer is per terminal user and is ta...

Страница 40: ... mode command Command Mode EXEC mode User Guidelines The command enables the command history for the current session The default is determined by the history Line Configuration mode command Example The following example disables the command history function for the current terminal session Console terminal no history 2 12 terminal history size The terminal history size EXEC mode command changes th...

Страница 41: ...mand changes the command history buffer size for the current terminal session Use the history Line Configuration mode command to change the default history buffer size The maximum number of commands in all buffers is 207 Example The following example sets the command history buffer size to 20 commands for the current terminal session Console terminal history size 20 2 13 terminal datadump The term...

Страница 42: ...terminal datadump command enables dumping all output immediately after entering the show command by removing the pause The width is currently not limited previously the limit was 77 chars and the width of the line being printed on the terminal is based on the terminal itself This command is relevant only for the current session Example The following example dumps all output immediately after enter...

Страница 43: ...rning from configuration modes Example The following example displays all the commands entered while in the current Privileged EXEC mode Console show version SW version 3 131 date 23 Jul 2005 time 17 34 19 HW version 1 0 0 Console show clock 15 29 03 Jun 17 2005 Console show history show version show clock show history 3 commands were logged buffer size is 10 2 15 show privilege The show privilege...

Страница 44: ...nt privilege level is 15 2 16 do The do command executes an EXEC level command from Global Configuration mode or any configuration submode Syntax do command Parameters command Specifies the EXEC level command to execute Command Mode All configuration modes Example The following example executes the show vlan Privileged EXEC mode command from Global Configuration mode Example Console Config do show...

Страница 45: ...s applied automatically on all the CLI interfaces Console Telnet and SSH and also on the WEB GUI Use the no form of this command to delete the existing login banner Syntax banner login d message text d no banner login Parameters d Delimiting character of user s choice a pound sign for example You cannot use the delimiting character in the banner message message text Message text The message must s...

Страница 46: ...wing example sets a Login banner that uses tokens The percent sign is used as a delimiting character Note that the token syntax is replaced by the corresponding configuration variable Device config banner login Enter TEXT message End with the character You have entered hostname domain Token Information displayed in the banner hostname Displays the host name for the device domain Displays the domai...

Страница 47: ...le the display of login banners Use the no form of this command to disable the display of login banners Syntax login banner no login banner Parameters N A Default Configuration Enabled Command Mode Line Configuration mode Example console configure console config line console console config line login banner console config line exit console config line telnet console config line login banner consol...

Страница 48: ...9 2 2 19 show banner Use the show banner commands in EXEC mode to display the banners that have been defined Syntax show banner login Parameters N A Command Mode EXEC mode Examples console show banner login Banner Login Line SSH Enabled Line Telnet Enabled Line Console Enabled ...

Страница 49: ...ides the previously defined one Use the no form of this command to delete the macro definition Syntax macro name macro name no macro name macro name Parameters macro name Name of the macro Macro names are case sensitive Default Configuration The command has no default setting Command Mode Global Configuration mode User Guidelines A macro is a script that contains CLI commands and is assigned a nam...

Страница 50: ...d1 description_string keyword2 description_string keyword3 description_string Parameters keyword A keyword must be prefixed with description string description of the keyword macro keywords This preprocessor command accepts up to 3 keywords The command creates a CLI help string with the keywords for the macro The help string will be displayed if help on the macro is requested from the macro apply ...

Страница 51: ...igures the duplex mode and speed of a port Switch config macro name dup Enter macro commands one per line End with the character macro description dup no negotiation duplex full negotiation Example 2 The following example shows how to create the same macro as in Example 1 but in this example the macro has the parameters DUPLEX and SPEED When the macro is run the values of DUPLEX and SPEED must be ...

Страница 52: ...y trace Interface Configuration command to either Apply a macro to an interface without displaying the actions being performed Apply a macro to the interface while displaying the actions being performed Syntax macro apply trace macro name parameter name1 value parameter name2 value parameter name3 value Parameters apply Apply a macro to the specific interface trace Apply and trace a macro to the s...

Страница 53: ...have defined these with the macro keywords preprocessor command Parameter keyword matching is case sensitive All matching occurrences of the parameter are replaced with the provided value Any full match of a keyword even if it is part of a large string is considered a match and replaced by the corresponding value When you apply a macro to an interface the switch automatically generates a macro des...

Страница 54: ... macro description Use the macro description Interface Configuration mode command to append a description for example a macro name to the macro history of an interface Use the no form of this command to clear the macro history of an interface When the macro is applied to an interface the switch automatically generates a macro description command with the macro name As a result the name of the macr...

Страница 55: ...ering the show parser macro description privileged EXEC mode command Example Switch config interface gi2 Switch config if macro apply dup Switch config if end Switch config interface gi3 Switch config if macro apply duplex DUPLEX full SPEED 100 Switch config if end Switch show parser macro description Interface Macro Description gi2 dup gi3 duplex Switch config interface gi2 Switch config if no ma...

Страница 56: ...ced with the corresponding value Default Configuration The command has no default setting Command Mode Global Configuration mode User Guidelines You can use the macro global trace macro name Global Configuration mode command to apply and show the macros running on the switch or to debug the macro in order to locate any syntax or configuration errors If a command fails because of a syntax error or ...

Страница 57: ...display the global macro history using the show parser macro description command Example The following is an example of a macro being defined and then applied to the switch with the trace option Switch config macro name console timeout Enter macro commands one per line End with the character line console exec timeout timeout interval Switch config macro global trace console timeout timeout interva...

Страница 58: ...Examples Switch conf macro global description set console timeout interval 3 6 show parser macro Use the show parser macro User EXEC mode command to display the parameters for all configured macros or for one macro on the switch Syntax show parser macro brief description interface interface id name macro name Parameters brief Display the name of all macros description interface interface id Displa...

Страница 59: ...k state failures output truncated Macro name cisco desktop Macro type default interface macro keywords AVID Basic interface Enable data VLAN only Recommended value for access vlan AVID should not be 1 switchport access vlan AVID switchport mode access output truncated description interface Example 2 This is an example of output from the show parser macro name command Switch show parser macro stand...

Страница 60: ...default global cisco global default interface cisco desktop default interface cisco phone default interface cisco switch default interface cisco router customizable snmp Example 4 This is an example of output from the show parser macro description command Switch show parser macro description Global Macro s cisco global This is an example of output from the show parser macro description interface c...

Страница 61: ...one public DSA key and one private DSA key If the device already has DSA keys a warning is displayed with a prompt to replace the existing keys with new keys This command is not saved in the router configuration However the keys generated by this command are saved in the private configuration which is never displayed to the user or backed up to another device Example The following example generate...

Страница 62: ...ith new keys This command is not saved in the router configuration however the keys generated by this command are saved in the private configuration which is never displayed to the user or backed up to another device Example The following example generates RSA key pairs Console config crypto key generate rsa 4 3 show crypto key mypubkey The show crypto key mypubkey Privileged EXEC mode command dis...

Страница 63: ...ificate generate Global Configuration mode command generates a self signed certificate for HTTPS Syntax crypto certificate number generate key generate length passphrase string cn common name ou organization unit or organization loc location st state cu country duration days Parameters number Specifies the certificate number Range 1 2 key generate Regenerates SSL RSA key length Specifies the SSL s...

Страница 64: ...address when the certificate is generated or to the device s lowest static IPv4 address if there is no static IPv6 address or to 0 0 0 0 if there is no static IP address If duration days is not specified it defaults to 365 days Command Mode Global Configuration mode User Guidelines This command is not saved in the router configuration However the certificate and keys generated by this command are ...

Страница 65: ...h 1 64 characters loc location Specifies the location or city name Length 1 64 characters st state Specifies the state or province name Length 1 64 characters cu country Specifies the country name Length 2 characters Command Mode Privileged EXEC mode User Guidelines Use this command to export a certificate request to a Certification Authority The certificate request is generated in Base64 encoded ...

Страница 66: ...nUUenbfHp igVPmFM 1nbqTDekb2ymCu6K aKvEbVLF9F2LmM7VPjDBb9bb4jnxkvwW wzDLvW2rsy5NPmH1QVl 8Ubx3GyCm oW93BSOFwxwEsP58kf sPYPy 8wwmoNtDwIDAQABoB8wHQYJKoZIhvcNAQkH MRDjEyMwgICCAgICAICAgIMA0GCSqGSIb3DQEBBAUAA4GBAGb8UgIx7rB05m 2 m5ZZPhIwl8ARSPXwhVdJexFjbnmvcacqjPG8pIiRV6LkxryGF2bVU3jKEipcZa g uNpyTkDt3ZVU72pjz fa8TF0n3 END CERTIFICATE REQUEST CN router gm com 0 General Motors C US 4 6 crypto certificate ...

Страница 67: ...r displayed to the user or backed up to another device Example The following example imports a certificate signed by Certification Authority for HTTPS Console config crypto certificate 1 import BEGIN CERTIFICATE dHmUgUm9vdCBDZXJ0aWZpZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp4HS nnH xQSGA2ffkRBwU2XIxb7n8VPsTm1xyJ1t11a1GaqchfMqqe0kmfhcoHSWr yf1FpD0MWOTgDAwIDAQABo4IBojCCAZ4wEwYJKwYBBAGCNxQCBAYeBABDAEEw Cw...

Страница 68: ...mple The following example displays SSL certificate 1 present on the device Console show crypto certificate mycertificate 1 BEGIN CERTIFICATE dHmUgUm9vdCBDZXJ0aWZpZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp4HS nnH xQSGA2ffkRBwU2XIxb7n8VPsTm1xyJ1t11a1GaqchfMqqe0kmfhcoHSWr yf1FpD0MWOTgDAwIDAQABo4IBojCCAZ4wEwYJKwYBBAGCNxQCBAYeBABDAEEw CwR0PBAQDAgFGMA8GA1UdEwEB wQFMAMBAf8wHQYDVR0OBBYEFAf4MT9BRD47 ZvKBAEL9Gg...

Страница 69: ...RSA and Certificate Commands 78 20269 01 Command Line Interface Reference Guide 70 4 Finger print DC789788 DC88A988 127897BC BB789788 ...

Страница 70: ...v6 address Unicast or Multicast IPv6 address to ping When the IPv6 address is a Link Local address IPv6Z address the outgoing interface name must be specified Refer to the User Guidelines of this command for the interface name syntax hostname Hostname to ping 160 characters Maximum label size 63 size packet_size Number of bytes in the packet not including the VLAN tag The default is 64 bytes IPv4 ...

Страница 71: ...decimal number decimal number 0 1 2 3 4 5 6 7 8 9 physical port name Designated port number for example gi1 If the physical port name 0 then it is not defined and the default interface is used When using the ping ipv6 command to check network connectivity of a directly attached host using its link local address the egress interface may be specified in the IPv6Z format If the egress interface is no...

Страница 72: ...tes from 10 1 1 1 icmp_seq 3 time 7 ms 10 1 1 1 PING Statistics 4 packets transmitted 4 packets received 0 packet loss round trip ms min avg max 7 8 11 Example 3 Ping an IPv6 address console ping ipv6 3003 11 Pinging 3003 11 with 64 bytes of data 64 bytes from 3003 11 icmp_seq 1 time 0 ms 64 bytes from 3003 11 icmp_seq 2 time 50 ms 64 bytes from 3003 11 icmp_seq 3 time 0 ms 64 bytes from 3003 11 i...

Страница 73: ...me 70 ms 64 bytes from 3003 55 icmp_sq 4 time 1050 ms FF02 1 PING Statistics 4 packets transmitted 12 packets received 5 2 traceroute To display the routes that packets will take when traveling to their destination use the traceroute EXEC mode command Syntax traceroute ip ipv4 address hostname size packet_size ttl max ttl count packet_count timeout time_out source ip address tos tos traceroute ipv...

Страница 74: ... default Range Valid IP address tos tos The Type Of Service byte in the IP Header of the packet Range 0 255 Default Usage N A Command Mode EXEC mode User Guidelines The traceroute command works by taking advantage of the error messages generated by routers when a datagram exceeds its time to live TTL value The traceroute command starts by sending probe datagrams with a TTL value of one This causes...

Страница 75: ...ilene QSV POS calren2 net 198 32 249 162 1 msec 1 msec 1 msec 5 kscyng snvang abilene ucaid edu 198 32 8 103 33 msec 35 msec 35 msec 6 iplsng kscyng abilene ucaid edu 198 32 8 80 47 msec 45 msec 45 msec 7 so 0 2 0x1 aa1 mich net 192 122 183 9 56 msec 53 msec 54 msec 8 atm1 0x24 michnet8 mich net 198 108 23 82 56 msec 56 msec 57 msec 9 10 A ARB3 LSA NG c SEB umnet umich edu 141 211 5 22 58 msec 58m...

Страница 76: ...6 hostname Specifies the destination host name Length 1 160 characters Maximum label length 63 characters port Specifies the decimal TCP port number or one of the keywords listed in the Ports table in the User Guidelines Field Description The probe timed out Unknown packet type A Administratively unreachable Usually this output indicates that an access list is blocking traffic F Fragmentation requ...

Страница 77: ...ol functions to operating system specific functions To enter a Telnet sequence press the escape sequence keys Ctrl shift 6 followed by a Telnet command character Special Telnet Sequences At any time during an active Telnet session available Telnet commands can be listed by pressing the help keys at the system prompt A sample of this list follows Console help Special telnet escape help B sends teln...

Страница 78: ...s to remote hosts that were opened by the current Telnet session to the local device It does not list Telnet connections to remote hosts that were opened by other Telnet sessions Keywords Table Ports Table Options Description echo Enables local echo quiet Prevents onscreen display of all messages from the software source interfac e Specifies the source interface stream Turns on stream processing w...

Страница 79: ...P data connections 20 gopher Gopher 70 hostname NIC hostname server 101 ident Ident Protocol 113 irc Internet Relay Chat 194 klogin Kerberos login 543 kshell Kerberos shell 544 login Login 513 lpd Printer service 515 nntp Network News Transport Protocol 119 pim auto r p PIM Auto RP 496 pop2 Post Office Protocol v2 109 pop3 Post Office Protocol v3 110 smtp Simple Mail Transport Protocol 25 sunrpc S...

Страница 80: ...ching to another open Telnet session Syntax resume connection Parameters connection Specifies the connection number Range 1 4 connections Default Configuration The default connection number is that of the most recent connection Command Mode EXEC mode syslog Syslog 514 tacacs TAC Access Control System 49 talk Talk 517 telnet Telnet 23 time Time 37 uucp Unix to Unix Copy Program 540 whois Nickname 4...

Страница 81: ...ng host name Syntax hostname name no hostname Parameters Name Specifies the device host name Length 1 63 The hostname must start with a letter end with a letter or digit and have as interior characters only letters digits and hyphens Default Configuration No host name is defined Command Mode Global Configuration mode Example The following example specifies the device host name as enterprise Consol...

Страница 82: ...oad This command will reset the whole system and disconnect your current session Do you want to continue y n n 5 7 service cpu utilization The service cpu utilization Global Configuration mode command enables measuring CPU utilization Use the no form of this command to restore the default configuration Syntax service cpu utilization no service cpu utilization Parameters N A Default Configuration M...

Страница 83: ...le enables measuring CPU utilization Console config service cpu utilization 5 8 show cpu utilization The show cpu utilization Privileged EXEC mode command displays information about CPU utilization Syntax show cpu utilization Parameters N A Default Usage N A Command Mode Privileged EXEC mode User Guidelines Use the show cpu utilization command to enable measuring CPU utilization Example The follow...

Страница 84: ... Console show cpu utilization CPU utilization service is on CPU utilization five seconds 5 one minute 3 five minutes 3 5 9 show users The show users EXEC mode command displays information about the active users Syntax show users Parameters N A Default Usage N A Command Mode EXEC mode ...

Страница 85: ...how sessions Parameters N A Default Usage N A Command Mode EXEC mode User Guidelines The show sessions command displays Telnet sessions to remote hosts opened by the current Telnet session to the local device It does not display Telnet sessions to remote hosts opened by other Telnet sessions to the local device Console show users Username Bob John Robert Betty Sam Protocol Serial SSH HTTP Telnet L...

Страница 86: ...on Syntax show system Parameters There are no parameters for this command Command Mode EXEC mode Console show sessions Connection 1 2 Host Remote router 172 16 1 2 Address 172 16 1 1 172 16 1 2 Port 23 23 Byte 89 8 Field Description Connection The connection number Host The remote host to which the device is connected through a Telnet session Address The remote host IP address Port The Telnet TCP ...

Страница 87: ...port Gigabit Managed Switch System Up Time days hour min sec 03 02 27 46 System Contact System Name switch151400 System Location System MAC Address 00 24 ab 15 14 00 System Object ID 1 3 6 1 4 1 9 6 1 83 20 1 5 12 show version The show version EXEC mode command displays system version information Syntax show version Parameters N A Default Usage N A Command Mode EXEC mode Example The following exam...

Страница 88: ...5 EXEC mode command to display external MD5 digest of firmware Syntax show version md5 Parameters N A Default Usage N A Command Mode EXEC mode Example show version md5 Filename Status MD5 Digest image1 Active 23FA000012857D8855AABC7577AB5562 image2 Not Active 23FA000012857D8855AABEA7451265456 boot 23FA000012857D8855AABC7577AB8999 mage1 Not Active 23FA000012857D8855AABC757FE693844 image2 Active 23F...

Страница 89: ...o system resources routing Parameters routes Specifies the maximum number of remote networks in the routing table hosts Specifies the maximum number of directly attached hosts interfaces Specifies the maximum number of IP interfaces Default Configuration Hosts 2 100 default 100 Routes 1 32 default 32 IP Interfaces 2 32 default 32 Command Mode Global Configuration mode User Guidelines The settings ...

Страница 90: ...s information The values in the Current Value column show what resources are currently available The values in the After Reboot Value column show what resources will be available after reboot as a result of system resources routing command Console show system resources routing Parameters Current Value After Reboot Value Hosts 100 100 Routes 32 32 IP Interfaces 32 32 Example 2 The following example...

Страница 91: ...system mode router switch Parameters router Specifies that the device functions as a switch router switch Specifies that the device functions as a switch Default Configuration The default configuration is switch mode Layer 2 Command Mode Privileged EXEC mode User Guidelines After executing the command the Startup Configuration file is deleted and the device is rebooted It is highly recommended to ...

Страница 92: ...control Syntax show system mode Parameters N A Default Usage N A Command Mode EXEC mode Example The following example displays system mode information Console show system mode Feature State Mode Router Qos Active Policy based vlans Active 5 18 show system languages The show system languages EXEC mode command displays the list of supported languages Syntax show system languages ...

Страница 93: ...ions indicates the number of languages permitted on the device Console show system languages Language Name Unicode Name Code Num of Sections English English en US 2 Japanese µùѵ F P ja JP 2 5 19 show system tcam utilization The show system tcam utilization EXEC mode command displays the Ternary Content Addressable Memory TCAM utilization Syntax show system tcam utilization Parameters N A Default ...

Страница 94: ...es Syntax show services tcp udp Parameters N A Command Mode Privileged EXEC mode User Guidelines The output does not show sessions where the device is a TCP UDP client Examples Console show services tcp udp Type Local IP Address Remote IP address Service Name State TCP All 22 SSH LISTEN TCP All 23 Telnet LISTEN TCP All 80 HTTP LISTEN TCP All 443 HTTPS LISTEN TCP 172 16 1 1 23 172 16 1 18 8789 Teln...

Страница 95: ...mmand displays the system identity information Syntax show system id Parameters There are no parameters for this command Command Mode EXEC mode Example The following example displays the system identity information Console show system id serial number 114 5 22 show cpu input rate The show cpu input rate EXEC mode command displays the rate of input frames to the CPU in packets per seconds pps Synta...

Страница 96: ...agement Commands 78 20269 01 Command Line Interface Reference Guide 97 5 User Guidelines Example The following example displays CPU input rate information Console show cpu input rate Input Rate to CPU is 1030 pps ...

Страница 97: ...onth Range 1 31 month Specifies the current month using the first three letters of the month name Range Jan Dec year Specifies the current year Range 2000 2037 Command Mode Privileged EXEC mode User Guidelines It is recommended that the user enter the local clock time and date Example The following example sets the system time to 13 32 00 on March 7th 2005 Console clock set 13 32 00 7 Mar 2005 6 2...

Страница 98: ... time source for the system clock Console config clock source sntp 6 3 clock timezone Use the clock timezone Global Configuration command to set the time zone for display purposes Use the no form of this command to set the time to Coordinated Universal Time UTC or Greenwich Mean Time GMT which is the same Syntax clock timezone zone hours offset minutes offset no clock timezone Parameters zone The ...

Страница 99: ...ck summer time Global Configuration command to configure the system to automatically switch to summer time Daylight Saving Time Use the no form of this command to configure the software not to automatically switch to summer time Syntax clock summer time zone recurring usa eu week day month hh mm week day month hh mm offset clock summer time zone date day month year hh mm date month year hh mm offs...

Страница 100: ... year no abbreviation Range 2000 2097 hh mm Time military format in hours and minutes Range hh mmhh 0 23 mm 0 59 offset Number of minutes to add during summer time default is 60 Range 1440 Default Configuration Summer time is disabled Command Mode Global Configuration mode User Guidelines In both the date and recurring forms of the command the first part of the command specifies when summer time b...

Страница 101: ...ich Mean Time GMT Example console config clock summer time abc date apr 1 2010 09 00 aug 2 2010 09 00 6 5 clock dhcp timezone Use the clock dhcp timezone Global Configuration command to specify that the timezone and the Summer Time Daylight Saving Time of the system can be taken from the DHCP Timezone option Use the no form of this command disable this option Syntax clock dhcp timezone no clock dh...

Страница 102: ... the dynamic Time Zone and Summer Time from the DHCP server are cleared In case of multiple DHCP enabled interfaces the last accepted DHCP Time Zone option overrides any previous DHCP Time Zone option This means that the last accepted DHCP Time Zone option overrides the previous Time Zone and the Summer Time even if it includes only one of them Disabling the DHCP client from where the DHCP TimeZon...

Страница 103: ...uthentication key 8 md5 ClkKey Device config sntp authentication key 8 md5 ClkKey Device config sntp trusted key 8 Device config sntp authenticate 6 7 sntp authenticate The sntp authenticate Global Configuration mode command enables authentication for received Simple Network Time Protocol SNTP traffic from servers Use the no form of this command to disable the feature Syntax sntp authenticate no s...

Страница 104: ... authenticate 6 8 sntp trusted key The sntp trusted key Global Configuration mode command authenticates the identity of the system with which Simple Network Time Protocol SNTP synchronizes Use the no form of this command to disable system identity authentication Syntax sntp trusted key key number no sntp trusted key key number Parameters key number Specifies the key number of the authentication ke...

Страница 105: ...Protocol SNTP Broadcast clients Use the no form of this command to disable SNTP Broadcast clients Syntax sntp broadcast client enable no sntp broadcast client enable Default Configuration The SNTP Broadcast client is disabled Command Mode Global Configuration mode User Guidelines Use the sntp broadcast client enable Interface Configuration mode command to enable the SNTP Broadcast client on a spec...

Страница 106: ...e SNTP unicast client is disabled Command Mode Global Configuration mode User Guidelines Use the sntp server Global Configuration mode command to define SNTP servers Example The following example enables the device to use SNTP Unicast clients Console config sntp unicast client enable 6 11 sntp server The sntp server Global Configuration mode command configures the device to use the Simple Network ...

Страница 107: ...interface name has the format vlan integer po integer isatap integer physical port name The subparameter integer has the format decimal digit integer decimal digit Range for the decimal digit 0 9 The following combinations are possible ipv6_address interface_id Refers to the IPv6 address on the interface specified ipv6_address 0 Refers to the IPv6 address on the single interface on which an IPv6 a...

Страница 108: ...ger decimal number decimal number 0 1 2 3 4 5 6 7 8 9 physical port name Designated port number for example gi6 If the egress interface is not specified the default interface is selected The following combinations are possible ipv6_address interface_id Refers to the IPv6 address on the interface specified ipv6_address 0 Refers to the IPv6 address on the single interface on which an IPv6 address is...

Страница 109: ...ple The following example displays the system time and date Console show clock 15 29 03 PDT UTC 7 Jun 17 2002 Time source is SNTP Console show clock detail 15 29 03 PDT UTC 7 Jun 17 2002 Time source is SNTP Time zone Acronym is PST Offset is UTC 8 Summertime Acronym is PDT Recurring every year Begins at first Sunday of April at 2 00 Ends at last Sunday of October at 2 00 Offset is 60 minutes ...

Страница 110: ...ne static Acronym is PST Offset is UTC 8 Summertime Static Acronym is PDT Recurring every year Begins at first Sunday of April at 2 00 Ends at last Sunday of October at 2 00 Offset is 60 minutes DHCP timezone Enabled 6 13 show sntp configuration The show sntp configuration Privileged EXEC mode command displays the Simple Network Time Protocol SNTP configuration on the device Syntax show sntp confi...

Страница 111: ...terval 1024 seconds No MD5 authentication keys Authentication is not required for synchronization No trusted keys Unicast Clients Enabled Unicast Clients Polling Enabled Server Polling Encryption Key 1 1 1 121 Disabled Disabled Broadcast Clients disabled Anycast Clients disabled No Broadcast Interfaces console 6 14 show sntp status The show sntp status Privileged EXEC mode command displays the Sim...

Страница 112: ...is synchronized stratum 4 reference is 176 1 1 8 unicast Reference time is AFE2525E 70597B34 00 10 22 438 PDT Jul 5 1993 Unicast servers Server 176 1 1 8 176 1 8 1 79 Status Up Unknown Last response 19 58 22 289 PDT Feb 19 2005 12 17 17 987 PDT Feb 19 2005 Offset mSec 7 33 8 98 Delay mSec 117 79 189 19 Anycast server Server 176 1 11 8 Interface VLAN 118 Status Up Last response 9 53 21 789 PDT Feb ...

Страница 113: ...Clock Commands 78 20269 01 Command Line Interface Reference Guide 114 6 Broadcast Server 176 9 1 1 Interface VLAN 119 Last response 19 17 59 792 PDT Feb 19 2002 ...

Страница 114: ...in SNMP format Used only when copying from to the Startup Configuration file The following table displays the URL options Keyword Source or Destination flash Source or destination URL for flash memory This is the default URL If a URL is specified without a prefix running config Currently running configuration file This cannot be the destination file startup config flash startup co nfig Startup con...

Страница 115: ... Xmodem protocol null Null destination for copies or files A remote file can be copied to null to determine its size For instance copy running conf null returns the size of the running configuration file backup config Backup configuration file A configuration file can be downloaded to this file without giving a file name This can then be copied to the running conf or startup conf files mirror conf...

Страница 116: ...ly tftp is the source file and destination file on the same copy prv files cannot be copied The destination file cannot be the Running Configuration file for products with mirror config mirror config cannot be used as a destination The following table describes the characters displayed by the system when copy is being run Copying an Image File from a Server to Flash Memory Use the copy source url ...

Страница 117: ... file to a network server Saving the Running Configuration to the Startup Configuration Use the copy running config startup config command to copy the running configuration to the startup configuration file Backing Up the Running Configuration or Startup Configuration to the Backup Configuration Use the copy running config backup config command to back up the running configuration to the backup co...

Страница 118: ...server with an IP address of 172 16 101 101 to a non active image file console copy tftp 172 16 101 101 file1 flash image Accessing file file1 on 172 16 101 101 Loading file1 from 172 16 101 101 OK Copy took 0 01 11 hh mm ss Example 3 Copying the mirror config file to the startup configuration file The following example copies the mirror configuration file saved by the system to the Startup Config...

Страница 119: ...s N A Default Configuration N A Command Mode Privileged EXEC mode Examples The following example copies system image file1 from the TFTP server 172 16 101 101 to a non active image file Console write memory Overwrite file startup config Yes press any key for no 15 Sep 2010 11 27 48 COPY I FILECPY Files Copy source URL running config destination URL flash startup config 15 Sep 2010 11 27 50 COPY N ...

Страница 120: ... Examples The following example copies system image file1 from the TFTP server 172 16 101 101 to a non active image file Console write Overwrite file startup config Yes press any key for no 15 Sep 2010 11 27 48 COPY I FILECPY Files Copy source URL running config destination URL flash startup config 15 Sep 2010 11 27 50 COPY N TRAP The copy operation was completed successfully Copy succeeded 7 4 de...

Страница 121: ...XEC mode User Guidelines sys prv image 1 and image 2 files cannot be deleted Example The following example deletes the file called test from the flash memory Console delete flash test Delete flash test confirm 7 5 dir The dir Privileged EXEC mode command displays the list of files on a flash file system Syntax dir directory path Keyword Source or Destination flash URL of the flash memory This is t...

Страница 122: ... Name Permission Flash Size Data Size Modified backuplo rw 851760 525565 22 Dec 2010 10 50 32 tmp rw 524288 104 01 Jan 2010 05 35 04 image 1 rw 10485760 10485760 01 Jan 2010 06 10 23 image 2 rw 10485760 10485760 01 Jan 2010 05 43 54 dhcpsn prv 262144 01 Jan 2010 05 25 07 sshkeys prv 262144 04 Jan 2010 06 05 00 syslog1 sys r 524288 01 Jan 2010 05 57 00 syslog2 sys r 524288 01 Jan 2010 05 57 00 dire...

Страница 123: ...Command Mode Privileged EXEC mode User Guidelines Files are displayed in ASCII format except for the images which are displayed in a hexadecimal format prv files cannot be displayed Example The following example displays the running configuration file contents console more running config no spanning tree Keyword Source or Destination flash Source or destination URL for flash memory If a URL is spe...

Страница 124: ...tem image 1 image 2 Parameters image 1 Specifies that image 1 is loaded as the system image during the next device startup image 2 Specifies that image 2 is loaded as the system image during the next device startup Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines Use the show bootvar command to display the active image Example The fo...

Страница 125: ...displays the active system image file that is loaded by the device at startup 7 9 show running config The show running config Privileged EXEC mode command displays the entire current Running Configuration file contents or the contents of the file for the specified interface s Syntax show running config interface interface id list Console show bootvar Image 1 2 filename image 1 image 2 Version 1 1 ...

Страница 126: ...ion that can be displayed in the output Only non default configurations are displayed Example The following example displays the Running Configuration file contents Example 1 Show the entire Running Configuration file Console show running config no spanning tree interface range gi1 48 speed 1000 exit no lldp run interface vlan 1 ip address 1 1 1 1 255 0 0 0 exit line console exec timeout 0 exit co...

Страница 127: ...uto spanning tree link type point to point spanning tree cost 200000 spanning tree port priority 224 spanning tree guard root spanning tree mst 2 port priority 64 spanning tree mst 2 cost 2222 spanning tree mst 4 port priority 80 qos cos 6 traffic shape 12345 switchport mode general switchport general allowed vlan add 12 14 20 tagged switchport general allowed vlan add 2 11 13 100 3000 3002 3004 3...

Страница 128: ...agged only switchport general pvid 111 switchport trunk native vlan 22 7 10 show startup config The show startup config Privileged EXEC mode command displays the startup configuration file contents Syntax show startup config interface interface id list Parameters interface interface id list Specifies list of interface IDs The interface IDs can be one of the following types Ethernet port Port chann...

Страница 129: ...i1 48 speed 1000 exit no lldp run interface vlan 1 ip address 1 1 1 1 255 0 0 0 exit line console exec timeout 0 exit console Example 2 The following example displays the Startup Configuration file contents for ports 1 and 2 console show startup config interface gi1 2 interface gi1 back pressure duplex half speed 10 flowcontrol on negotiation 10h 100h 100f dot1x max req 8 description Hello World S...

Страница 130: ...6 traffic shape 12345 switchport mode general switchport general allowed vlan add 12 14 20 tagged switchport general allowed vlan add 2 11 13 100 3000 3002 3004 3006 3008 untagged switchport general map macs group 1 vlan 111 switchport general ingress filtering disable switchport general acceptable frame type untagged only switchport general pvid 111 interface fastethernet 2 ip address 1 100 100 1...

Страница 131: ...Configuration and Image File Commands 78 20269 01 Command Line Interface Reference Guide 132 7 switchport general pvid 111 switchport trunk native vlan 22 ...

Страница 132: ...e the no form of this command to disable DHCP auto configuration Syntax boot host auto config no boot host auto config Parameters N A Default Configuration Enabled by default Command Mode Global Configuration mode Default Configuration Enabled by default Example console conf boot host auto config 8 2 show boot Use the show boot Privilege EXEC mode command to show the status of the IP DHCP Auto Con...

Страница 133: ...ip dhcp tftp server ip address Use the ip dhcp tftp server ip address Global Configuration mode command to set the TFTP server s IP address This address server as the default address used by a switch when it has not been received from the DHCP server Use the no form of this command to remove the address Syntax ip dhcp tftp server ip address ip addr no ip dhcp tftp server ip address Parameters ip a...

Страница 134: ... when it has not been received from the DHCP server This serves as the default configuration file Use the no form of this command to remove the name Syntax ip dhcp tftp server file file path no ip dhcp tftp server file Parameters file path Full file path and name of the configuration file on TFTP server Default Configuration No file name Command Mode Global Configuration mode Examples console conf...

Страница 135: ... 1 from sname manual 2 2 2 2 file path on tftp server active conf conf file from option 67 8 6 ip dhcp information option Use the ip dhcp information option Global Configuration command to enable DHCP option 82 data insertion Use the no form of this command to disable DHCP option 82 data insertion Syntax ip dhcp information option no ip dhcp information option Parameters N A Default Configuration ...

Страница 136: ...le config ip dhcp information option 8 7 show ip dhcp information option The show ip dhcp information option EXEC mode command displays the DHCP Option 82 configuration Syntax show ip dhcp information option Parameters N A Default Configuration N A Command Mode EXEC mode Example The following example displays the DHCP Option 82 configuration console show ip dhcp information option Relay agent Info...

Страница 137: ...ation mode User Guidelines Use this command to configure a management access list This command enters the Management Access List Configuration mode where the denied or permitted access conditions are defined with the deny and permit commands If no match criteria are defined the default value is deny When re entering the access list context the new rules are entered at the end of the access list Us...

Страница 138: ...eates a management access list called mlist configures all interfaces to be management interfaces except gi1 and 9 and makes the new access list the active list Console config management access list mlist Console config macl deny gi1 Console config macl deny gi9 Console config macl permit Console config macl exit Console config management access class mlist 9 2 permit Management The permit Managem...

Страница 139: ...work mask This parameter is relevant only to IPv4 addresses mask prefix length Specifies the number of bits that comprise the source IPv4 address prefix The prefix length must be preceded by a forward slash This parameter is relevant only to IPv4 addresses Range 0 32 Default Configuration No rules are configured Command Mode Management Access List Configuration mode User Guidelines Rules with Ethe...

Страница 140: ...address prefix length The prefix length must be preceded by a forward slash The parameter is optional mask mask Specifies the source IPv4 address network mask The parameter is relevant only to IPv4 addresses mask prefix length Specifies the number of bits that comprise the source IPv4 address prefix The prefix length must be preceded by a forward slash The parameter is relevant only to IPv4 addres...

Страница 141: ... class Parameters console only Specifies that the device can be managed only from the console name Specifies the ACL name to be used Length 1 32 characters Default Configuration The default configuration is no management connection restrictions Command Mode Global Configuration mode Example The following example defines an access list called mlist as the active management access list Console confi...

Страница 142: ...ivileged EXEC mode Example The following example displays the mlist management ACL Console show management access list mlist console only deny Note all other access implicitly denied mlist permit gi1 permit gi9 Note all other access implicitly denied console 9 6 show management access class The show management access class Privileged EXEC mode command displays information about the active manageme...

Страница 143: ... Line Interface Reference Guide 144 9 Command Mode Privileged EXEC mode Example The following example displays the active management ACL information Console show management access class Management access class is enabled using access list mlist ...

Страница 144: ...ult Configuration Enabled Command Mode Global Configuration mode Example console config snmp server server 10 2 snmp server community Use the snmp server community Global Configuration mode command to set up the community access string to permit access to the Simple Network Management Protocol command Use the no form of this command to remove the specified community string Syntax snmp server commu...

Страница 145: ...racters ipv4 address Management station IPv4 address The default is all IP addresses ipv6 address Management station IPv4 address The default is all IP addresses The following combinations are possible ipv6_address interface_id Refers to the IPv6 address on the interface specified ipv6_address 0 Refers to the IPv6 address on the single interface on which an IPv6 address is defined ipv6_address Ref...

Страница 146: ...ing The logical key of the command is the pair community ip address If ip address is omitted then the key is community All Ips By specifying the view name parameter the software Generates an internal security name Maps the internal security name for SNMPv1 and SNMPv2 security models to an internal group name Maps the internal group name for SNMPv1 and SNMPv2 security models to view name read view ...

Страница 147: ...n SNMP server view entry Syntax snmp server view view name oid tree included excluded no snmp server view view name oid tree Parameters view name Specifies the label for the view record that is being created or updated The name is used to reference the record Length 1 30 characters oid tree Specifies the ASN 1 subtree object identifier to be included or excluded from the view To identify the subtr...

Страница 148: ...B II interface group Console config snmp server view user view system included Console config snmp server view user view system 7 excluded Console config snmp server view user view ifEntry 1 included 10 4 snmp server group The snmp server group Global Configuration mode command configures a new Simple Network Management Protocol SNMP group or a table that maps SNMP users to SNMP views Use the no f...

Страница 149: ...ame that enables viewing only the agent contents Length 1 30 characters write writeview Specifies the view name that enables entering data and configuring the agent contents Length 1 30 characters Default Configuration No group entry exists If notifyview is not specified nothing is defined for the notify view If readview is not specified all objects except for the community table and SNMPv3 user a...

Страница 150: ...aracters groupname The name of the group to which the user belongs The group should be configured using the command snmp server group with v3 parameters no specific order of the 2 command configurations is imposed on the user Range Up to 30 characters remote host IP address of the remote SNMP host v1 Specifies that v1 is to be used v2c Specifies that v2c is to be used v3 Specifies that v3 is to be...

Страница 151: ...nforms To configure a remote user specify the IP address for the remote SNMP agent of the device where the user resides Also before you configure remote users for a particular agent configure the SNMP engine ID using the snmp server engineID remote command The remote agent s SNMP engine ID is needed when computing the authentication and privacy digests from the password If the remote engine ID is ...

Страница 152: ...excluded no snmp server filter filter name oid tree Parameters filter name Specifies the label for the filter record that is being updated or created The name is used to reference the record Length 1 30 characters oid tree Specifies the ASN 1 subtree object identifier to be included or excluded from the view To identify the subtree specify a text string consisting of numbers such as 1 3 6 2 4 or a...

Страница 153: ...erver host Use the snmp server host Global Configuration mode command to specify the recipient of a Simple Network Management Protocol notification operation Use the no form of this command to remove the specified host Syntax snmp server host ipv4 address ipv6 address hostname traps informs version 1 2c 3 auth noauth priv community string udp port port filter filtername timeout seconds retries ret...

Страница 154: ...onfigurations is imposed on the user Range Up to 30 characters timeout seconds Number of seconds to wait for an acknowledgment before resending informs The default is 15 seconds The parameter is relevant only for informs Range 1 300 retries retries Maximum number of times to resend an inform request when a response is not received for a generated message The default is 3 The parameter is relevant ...

Страница 155: ...ingle interface on which an IPv6 address is defined If the egress interface is not specified the default interface is selected Specifying interface zone 0 is equal to not defining an egress interface Example The following defines a host at the IP address displayed console config snmp server host 1 1 1 121 abc 10 8 snmp server engineID remote To specify the Simple Network Management Protocol SNMP e...

Страница 156: ... ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host The format of an IPv6Z address is ipv6 link local address interface name interface name vlan integer ch integer isatap integer physical port name 0 integer decimal number integer decimal number decimal number 0 1 2 3 4 5 6 7 8 9 physical port name Designated port number for exampl...

Страница 157: ...mp server trap authentication Use the snmp server trap authentication Global Configuration mode command to enable the device to send SNMP traps when authentication fails Use the no form of this command to disable SNMP failed authentication traps Syntax snmp server trap authentication no snmp server trap authentication Default Configuration SNMP failed authentication traps are enabled Command Mode ...

Страница 158: ...tring describing system contact information Length 1 160 characters Command Mode Global Configuration mode Example The following example configures the system contact point called Technical_Support Console config snmp server contact Technical_Support 10 12 snmp server location Use the snmp server location Global Configuration mode command to configure the system location string Use the no form of ...

Страница 159: ... name Specifies the SNMP MIB variable name which must be a valid string name value Specifies a list of name and value pairs Each name and value must be a valid string In the case of scalar MIBs there is only a single name value pair In the case of an entry in a table there is at least one name value pair followed by one or more fields Command Mode Global Configuration mode User Guidelines Although...

Страница 160: ...isplay the SNMP status Syntax show snmp Command Mode Privileged EXEC mode Example The following example displays the SNMP communications status Console show snmp SNMP is enabled Community String public private private Community Access read only read write su View name user view Default DefaultSuper IP Address All 172 16 1 1 10 172 16 1 1 Type Router Router Router Community string public Group name...

Страница 161: ...unity public public Version 2 2 UDP Port 162 162 Filter Name TO Sec 15 15 Retries 3 3 Version 3 notifications Target Address 192 122 173 42 Type Inform Username Bob Security Level Priv UDP Port 162 Filter name TO Sec 15 Retries 3 System Contact Robert System Location Marketing Field Description Community string The community access string permitting access to the SNMP protocol Community access The...

Страница 162: ...16 1 1 08009009020C0B099C075879 10 16 show snmp views Use the show snmp views Privileged EXEC mode command to display the configured SNMP views Syntax show snmp views viewname Parameters viewname Specifies the view name Length 1 30 characters Command Mode Privileged EXEC mode Example The following example displays the configured SNMP views Console show snmp views Name OID Tree Type Default Default...

Страница 163: ... Length 1 30 characters Command Mode Privileged EXEC mode Example The following example displays the configured SNMP groups The following table describes significant fields shown above Console show snmp groups Name Securit y Views user group managers gro up Model V3 V3 Level priv priv Read Default Default Write Default Notify Field Description Name Group name Security Model SNMP model in use v1 v2...

Страница 164: ...ileged EXEC mode Example The following example displays the configured SNMP filters Views Read View name enabling viewing the agent contents If unspecified all objects except the community table and SNMPv3 user and access tables are available Write View name enabling data entry and managing the agent contents Notify View name enabling specifying an inform or a trap Console show snmp filters Name O...

Страница 165: ... command to display the configured SNMP users Syntax show snmp users username Parameters username Specifies the user name Length 1 30 characters Command Mode Privileged EXEC mode Example The following example displays the configured SNMP users Console show snmp users Name John John Group name user group user group Auth Method md5 md5 Remote 08009009020C0B099C07 5879 ...

Страница 166: ...xample The following example enables configuring the device from a web browser Console config ip http server 11 2 ip http timeout policy Use the ip http timeout policy Global Configuration mode command to set the interval for the system to wait for user input in http https sessions before automatic logoff Use the no form of this command to return to the default value Syntax ip http timeout policy ...

Страница 167: ...ttp timeout policy 0 command Example The following example configures the http timeout to be 1000 seconds Console config ip http timeout policy 1000 11 3 ip http secure server Use the ip http secure server Global Configuration mode command to enable the device to be configured securely from a browser and to also enable the device to be monitored or have its configuration modified securely from a b...

Страница 168: ...iguration mode command configures the active certificate for HTTPS Use the no form of this command to restore the default configuration Syntax ip https certificate number no ip https certificate Parameters number Specifies the certificate number Range 1 2 Default Configuration The default certificate number is 1 Command Mode Global Configuration mode User Guidelines Use the crypto certificate gene...

Страница 169: ... show ip http Command Mode EXEC mode Example The following example displays the HTTP server configuration Console show ip http HTTP server enabled Port 80 Interactive timeout 10 minutes 11 6 show ip https The show ip https Privileged EXEC mode command displays the HTTPS server configuration Syntax show ip https Command Mode Privileged EXEC mode Example The following example displays the HTTPS serv...

Страница 170: ...ive timeout 10 minutes Certificate 1 is active Issued by www verisign com Valid from 8 9 2003 to 8 9 2004 Subject CN router gm com 0 General Motors C US Finger print DC789788 DC88A988 127897BC BB789788 Certificate 2 is inactive Issued by self signed Valid from 8 9 2003 to 8 9 2004 Subject CN router gm com 0 General Motors C US Finger print 1873B936 88DC3411 BC8932EF 782134BA ...

Страница 171: ...yntax ip telnet server no ip telnet server Default Configuration Device configuration from a Telnet server is disabled by default Command Mode Global Configuration mode User Guidelines To control the device configuration by SSH use the ip ssh server Global Configuration mode command Example The following example enables the device to be configured from a Telnet server Console config ip telnet serv...

Страница 172: ... generate rsa Global Configuration mode commands Example The following example enables configuring the device from a SSH server Console config ip ssh server 12 3 user key The user key SSH Public Key string Configuration mode command specifies which SSH public key is manually configured Use the no form of this command to remove an SSH public key Syntax user key username rsa dsa no user key username...

Страница 173: ...wing example enables manually configuring an SSH public key for SSH public key chain bob Console config crypto key pubkey chain ssh Console config pubkey chain user key bob rsa Console config pubkey key key string row AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl 12 4 key string The key string SSH Public Key string Configuration mode command manually specifies an SSH public key Syntax key string row key...

Страница 174: ...key string row command The UU encoded DER format is the same format as in the authorized_keys file used by OpenSSH Example The following example enters public key strings for SSH public key client bob Console config crypto key pubkey chain ssh Console config pubkey chain user key bob rsa Console config pubkey key key string AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl Al4kpqIw9GBRonZQZxjHKcqKL6rMlQ ZNX...

Страница 175: ...e is used to manually specify other device public keys such as SSH client public keys Syntax crypto key pubkey chain ssh Default Configuration Keys do not exist Command Mode Global Configuration mode User Guidelines Use this command when you want to manually specify SSH client s public keys Example The following example enters the SSH Public Key chain Configuration mode and manually configures the...

Страница 176: ... b9 33 e9 12 6 show crypto key pubkey chain ssh The show crypto key pubkey chain ssh Privileged EXEC mode command displays SSH public keys stored on the device Syntax show crypto key pubkey chain ssh username username fingerprint bubble babble hex Parameters username username Specifies the remote SSH client username Length 1 48 characters fingerprint bubble babble hex Specifies the fingerprint dis...

Страница 177: ... Username bob john Fingerprint 9A CC 01 C5 78 39 27 86 79 CC 23 C5 98 59 F1 86 98 F7 6E 28 F2 79 87 C8 18 F8 88 CC F8 89 87 C8 Console show crypto key pubkey chain ssh username bob Username bob Key 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 04AEF1BA A54028A6 9ACC01C5 129D99E4 Fingerprint 9A CC 01 C5 78 39 27 86 79 CC 23 C5 98 59 F1 86 12 7 show ip ssh The show ip ssh P...

Страница 178: ...fields shown in the display Console show ip ssh SSH server enabled Port 22 RSA key was generated DSA DSS key was generated SSH Public Key Authentication is enabled Active incoming sessions IP address 172 16 0 1 SSH username John Brown Version 1 5 Cipher 3DES Auth code HMAC SHA1 Field Description IP address The client address SSH username The user name Version The SSH version number Cipher The encr...

Страница 179: ...t Configures the device as a virtual terminal for remote console access Telnet ssh Configures the device as a virtual terminal for secured remote console access SSH Command Mode Global Configuration mode Example The following example configures the device as a virtual terminal for remote Telnet console access Console config line telnet Console config line 13 2 speed The speed Line Configuration mo...

Страница 180: ...speed is applied when Autobaud is disabled This configuration applies to the current session only Example The following example configures the line baud rate as 9600 bits per second Console config line speed 9600 13 3 autobaud The autobaud Line Configuration mode command sets the line for automatic baud rate detection autobaud Use the no form of this command to disable automatic baud rate detectio...

Страница 181: ...tem waits for user input before automatic logoff Use the no form of this command to restore the default configuration Syntax exec timeout minutes seconds no exec timeout Parameters minutes Specifies the number of minutes Range 0 65535 seconds Specifies the number of seconds Range 0 59 Default Configuration The default idle time interval is 10 minutes Command Mode Line Configuration mode Example Th...

Страница 182: ...tion telnet Displays the Telnet configuration ssh Displays the SSH configuration Default Configuration If the line is not specified all line configuration parameters are displayed Command Mode EXEC mode Example The following example displays the line configuration Console show line Console configuration Interactive timeout Disabled History 10 Baudrate 9600 Databits 8 Parity none Stopbits 1 Telnet ...

Страница 183: ... Commands 78 20269 01 Command Line Interface Reference Guide 184 13 Interactive timeout 10 minutes 10 seconds History 10 SSH configuration SSH is enabled Interactive timeout 10 minutes 10 seconds History 10 ...

Страница 184: ...efault Configuration Enable Command Mode Global Configuration mode Examples console conf bonjour enable 14 2 bonjour interface range Use the bonjour interface range Global Configuration mode command to add L2 interfaces to the Bonjour L2 Interface List Use the no format of the command to remove L2 interfaces from the list Syntax bonjour interface range interface list Parameters interface list Spec...

Страница 185: ... is in Layer 3 router mode Examples console config bonjour interface range gi1 3 14 3 show bonjour Use the show bonjour Privileged EXEC mode command to show Bonjour information Syntax show bonjour interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port Port channel VLAN Command Mode Privileged EXEC mode Examples Layer 2 consol...

Страница 186: ...per Status csco sb enabled enabled http enabled enabled https enabled disabled ssh enabled disabled telnet enabled disabled Layer 3 console show bonjour Bonjour global status enabled Bonjour L2 interfaces port list vlans 1 Service Admin Status Oper Status csco sb enabled enabled http enabled enabled https enabled disabled ssh enabled disabled telnet enabled disabled ...

Страница 187: ... Uses the authentication methods that follow this argument as the default method list when a user logs in list name Specifies a name of a list of authentication methods activated when a user logs in Length 1 12 characters method1 method2 Specifies a list of methods that the authentication algorithm tries in the given sequence The additional authentication methods are used only if the previous meth...

Страница 188: ...and are used with aaa authentication login and aaa authentication enable The additional methods of authentication are used only if the previous method returns an error not if it fails Specify none as the final method in the command line to ensure that the authentication succeeds even if all methods return an error no aaa authentication login list name deletes list name if it has not been reference...

Страница 189: ...the final method in the command line to ensure that the authentication succeeds even if all methods return an error Select one or more methods from the following list Default Configuration The enable password command is the default authentication login method This is the same as entering the command aaa authentication enable default enable On a console the enable password is used if a password exi...

Страница 190: ...al methods of authentication are used only if the previous method returns an error not if it fails Specify none as the final method in the command line to ensure that the authentication succeeds even if all methods return an error no aaa authentication enable list name deletes list name if it has not been referenced Example The following example sets the enable password for authentication for acce...

Страница 191: ...mmand Mode Global Configuration mode User Guidelines The command is relevant for HTTP and HTTPS server users The additional methods of authentication are used only if the previous method returns an error not if it fails Specify none as the final method in the command line to ensure that the authentication succeeds even if all methods return an error Example The following example specifies the HTTP...

Страница 192: ... Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example The following example displays the authentication configuration Console show authentication methods Login Authentication Method Lists Default Radius Local Line Console_Login Line None Enable Authentication Method Lists Default Radius Enable Console_Enable Enable None ...

Страница 193: ...n to the default password Syntax password password encrypted no password Parameters password Specifies the password for this line Length 0 159 characters encrypted Specifies that the password is encrypted and copied from another device configuration Default Configuration No password is defined Command Mode Line Configuration mode Line Console Telnet SSH Login Method List Console_Login Default Defa...

Страница 194: ...pted and the encrypted value If the administrator wants to manually copy a password that was configured on one switch for instance switch B to another switch for instance switch A the administrator must add encrypted in front of this encrypted password when entering the enable command in switch A In this way the two switches will have the same password Syntax enable password level privilege level ...

Страница 195: ...n file The second command sets a password that has already been encrypted It will copied to the configuration file just as it is entered To use it the user must know its unencrypted form console config enable password level 7 let me in console config enable password level 15 encrypted 4b529f21c93d4706090285b0c10172eb073ffebc4 15 7 username Use the username Global Configuration mode command to esta...

Страница 196: ...evel is 15 Range 1 15 Default Configuration No user is defined Command Mode Global Configuration mode Usage Guidelines See User Privilege Levels for an explanation of privilege levels Example The first command sets an unencrypted password for user tom it will be encrypted in the configuration file The second command sets a password for user jerry that has already been encrypted It will copied to t...

Страница 197: ...on about the users local database The following table describes the significant fields shown in the display 15 9 passwords complexity enable Use the passwords complexity enable Global Configuration mode command to enforce minimum password complexity The no form of this command disables enforcing password complexity Console show user accounts Username Bob Robert Smith Privilege 15 15 15 Field Descr...

Страница 198: ...ters lowercase letters numbers and special characters available on a standard keyboard Are different from the current password Contains no character that is repeated more than 3 times consecutively Does not repeat or reverse the user name or any variant reached by changing the case of the characters Does not repeat or reverse the manufacturer s name or any variant reached by changing the case of t...

Страница 199: ...current Enabled Maximum consecutive same characters 3 New password must be different than the user name Enabled New password must be different than the manufacturer name Enabled switchcc293e 15 10 passwords complexity attributes Use the passwords complexity attributes Global Configuration mode commands to control the minimum requirements from a password when password complexity is enabled Use the ...

Страница 200: ...that the new password cannot be the same as the current password no repeat number Specifies the maximum number of characters in the new password that can be repeated consecutively Zero specifies that there is no limit on repeated characters Range 0 16 not username Specifies that the password cannot repeat or reverse the user name or any variant reached by changing the case of the characters not ma...

Страница 201: ...mand to return to default Syntax passwords aging days no passwords aging Parameters days Specifies the number of days before a password change is forced You can use 0 to disable aging Range 0 365 Default Configuration Enabled and the number of days is 180 days Command Mode Global Configuration mode User Guidelines Aging is relevant only to users of the local database with privilege level 15 and to...

Страница 202: ...n Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example console show passwords configuration Passwords aging is enabled with aging time 180 days Passwords complexity is enabled with the following attributes Minimal length 3 characters Minimal classes 3 New password must be different than the current Enabled Maximum consecutive same characters 3 New password must be dif...

Страница 203: ...ength The minimal length required for passwords in the local database Minimal character classes The minimal number of different types of characters special characters integers and so on required to be part of the password Maximum number of repeated characters The maximum number of times a singe character can be repeated in the password Level The applied password privilege level Aging The password ...

Страница 204: ...ameters ipv4 address Specifies the RADIUS server host IPv4 address ipv6 address Specifies the RADIUS server host IPv6 address ipv6z address Specifies the RADIUS server host IPv6Z address The IPv6Z address format is ipv6 link local address interface name The subparameters are ipv6 link local address Specifies the IPv6 Link Local address interface name Specifies the outgoing interface name The inter...

Страница 205: ...cation and encryption key for all RADIUS communications between the device and the RADIUS server This key must match the encryption used on the RADIUS daemon To specify an empty string enter Length 0 128 characters source ipv4 address ipv6 address Specifies the source IPv4 or IPv6 address to use for communication 0 0 0 0 is interpreted as a request to use the IP address of the outgoing IP interfac...

Страница 206: ...tries deadtime or key string values are specified the global values apply to each RADIUS server host The source parameter address type must be the same as that of the host parameter Example The following example specifies a RADIUS server host with IP address 192 168 10 1 authentication request port number 20 and a 20 second timeout period Console config radius server host 192 168 10 1 auth port 20...

Страница 207: ...s the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon Console config radius server key enterprise server 16 3 radius server retransmit Use the radius server retransmit Global Configuration mode command to specify the number of times the software searches the list of RADIUS server hosts Use the no form of this command to restore the default c...

Страница 208: ... no form of this command to restore the default configuration Syntax radius server source ip source no radius server source ip source Parameters source Specifies the source IP address Default Configuration The source IP address is the IP address of the outgoing IP interface Command Mode Global Configuration mode User Guidelines If there is no available IP interface of the configured IP source addr...

Страница 209: ...address is the IP address of the outgoing IP interface Command Mode Global Configuration mode User Guidelines If there is no available IP interface of the configured IP source address an error message is issued when attempting to communicate with the IP address Example The following example configures the source IP address used for communication with all RADIUS servers to 3ffe 1900 4545 3 200 f8ff...

Страница 210: ...erval on all RADIUS servers to 5 seconds Console config radius server timeout 5 16 7 radius server deadtime Use the radius server deadtime Global Configuration mode command to configure the time interval during which unavailable RADIUS servers are skipped over by transaction requests This improves RADIUS response time when servers are unavailable Use the no form of this command to restore the defa...

Страница 211: ...time interval is 0 Command Mode Global Configuration mode Example The following example sets all RADIUS server deadtimes to 10 minutes Console config radius server deadtime 10 16 8 show radius servers Use the show radius servers Privileged EXEC mode command to display the RADIUS server settings Syntax show radius servers Command Mode Privileged EXEC mode ...

Страница 212: ...lowing example displays RADIUS server settings Console show radius servers IP address 172 16 1 1 172 16 1 2 Port Auth 1812 1812 Port Acct 1813 1813 Time Out Global 11 Retransmision Global 8 Dead time Global Global Sourc e IP Global Global Priority 1 2 Usage All All Global values TimeOut 3 Retransmit 3 Deadtime 0 Source IP 172 16 8 1 ...

Страница 213: ... connection Specifies that a single open connection is maintained between the device and the daemon instead of the device opening and closing a TCP connection to the daemon each time it communicates port port number Specifies the server port number If the port number is 0 the host is not used for authentication Range 0 65535 timeout timeout Specifies the timeout value in seconds Range 1 30 key key...

Страница 214: ... values are specified the global values apply to each host Example The following example specifies a TACACS host Console config tacacs server host 172 16 1 1 17 2 tacacs server key Use the tacacs server key Global Configuration mode command to set the authentication encryption key used for all TACACS communications between the device and the TACACS daemon Use the no form of this command to disable...

Страница 215: ...acs server timeout Use the tacacs server timeout Global Configuration mode command to set the interval during which the device waits for a TACACS server to reply Use the no form of this command to restore the default configuration Syntax tacacs server timeout timeout no tacacs server timeout Parameters timeout Specifies the timeout value in seconds Range 1 30 Default Configuration The default time...

Страница 216: ...ers source Specifies the source IP address Range Valid IP address Default Configuration The default source IP address is the outgoing IP interface address Command Mode Global Configuration mode User Guidelines If the configured IP source address has no available IP interface an error message is issued when attempting to communicate with the IP address Example The following example specifies the so...

Страница 217: ...iguration If ip address is not specified information for all TACACS servers is displayed Command Mode Privileged EXEC mode Example The following example displays configuration and statistical information for all TACACS servers Console show tacacs IP address 172 16 1 1 Status Connected Por t 49 Single Connectio n No Time Out Globa l Sourc e IP Globa l Priorit y 1 Global values Time Out 3 Source IP ...

Страница 218: ...n Message logging is enabled Command Mode Global Configuration mode User Guidelines The logging process controls the logging messages distribution at various destinations such as the logging buffer logging file or SYSLOG server Logging on and off at these destinations can be individually configured using the logging buffered logging file and logging on Global Configuration mode commands However if...

Страница 219: ...ust be specified Refer to the User Guidelines for the interface name syntax hostname Hostname of the host to be used as a SYSLOG server Only translation to IPv4 addresses is supported Range 1 158 characters Maximum label size 63 port port Port number for SYSLOG messages If unspecified the port number defaults to 514 Range 1 65535 severity level Limits the logging of messages to the SYSLOG servers ...

Страница 220: ...wing combinations are possible ipv6_address interface_id Refers to the IPv6 address on the interface specified ipv6_address 0 Refers to the IPv6 address on the single interface on which an IPv6 address is defined ipv6_address Refers to the IPv6 address on the single interface on which an IPv6 address is defined Examples console config logging host 1 1 1 121 console config logging host 3000 100 SYS...

Страница 221: ...ion mode command to limit the SYSLOG message display to messages with a specific severity level and to define the buffer size number of messages that can be stored Use the no form of this command to cancel displaying the SYSLOG messages and to return the buffer size to default Syntax logging buffered buffer size severity level severity level name no logging buffered Parameters buffer size Specifie...

Страница 222: ...isplayed to the user Example The following example shows two ways of limiting the SYSLOG message display from an internal buffer to messages with severity level debugging In the second example the buffer size is set to 100 Console config logging buffered debugging Console config logging buffered 100 7 18 5 clear logging Use the clear logging Privileged EXEC mode command to clear messages from the ...

Страница 223: ...evel Use the no form of this command to cancel sending messages to the file Syntax logging file level no logging file Parameters level Specifies the severity level of SYSLOG messages sent to the logging file The possible values are emergencies alerts critical errors warnings notifications informational and debugging Default Configuration The default severity level is errors Command Mode Global Con...

Страница 224: ... EXEC mode Example The following example clears messages from the logging file Console clear logging file Clear Logging File y n 18 8 file system logging Use the file system logging Global Configuration mode command to enable logging file system events Use the no form of this command to disable logging file system events Syntax file system logging copy delete rename no file system logging copy del...

Страница 225: ...config file system logging copy 18 9 logging aggregation on Use the logging aggregation on Global Configuration mode command to control aggregation of SYSLOG messages If aggregation is enabled logging messages are displayed every time interval according to the aging time specified by logging aggregation aging time Use the no form of this command to disable aggregation of SYSLOG messages Syntax log...

Страница 226: ... aggregated during the time interval set by the aging time parameter Use the no form of this command to return to the default Syntax logging aggregation aging time sec no logging aggregation aging time Parameters aging time sec Aging time in seconds Range 15 3600 Default Configuration 300 seconds Command Mode Global Configuration mode Example console config logging aggregation aging time 300 18 11...

Страница 227: ...ng is enabled Console Logging Level info Console Messages 0 Dropped Buffer Logging Level info Buffer Messages 61 Logged 61 Displayed 200 Max File Logging Level error File Messages 898 Logged 64 Dropped 4 messages were not logged Application filtering control Application Event Status AAA Login Enabled File system Copy Enabled File system Delete Rename Enabled Management ACL Deny Enabled Aggregation...

Страница 228: ...the SYSLOG messages stored in the logging file Syntax show logging file Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example The following example displays the logging status and the SYSLOG messages stored in the logging file console show logging file Logging is enabled Console Logging Level info Console Messages 0 Dropped Buffer Logging Level info Buffer Messages 61 ...

Страница 229: ... 36 SSHD E ERROR SSH error key_read type mismatch encoding error 01 Jan 2010 05 55 37 SSHD E ERROR SSH error key_read type mismatch encoding error 01 Jan 2010 05 55 03 SSHD E ERROR SSH error key_read key_from_blob bgEgGnt9 z6NHgZwKI5xKqF7cBtdl1xmFgSEWuDhho5UedydAjVkKS5XR2 failed 01 Jan 2010 05 55 03 SSHD E ERROR SSH error key_from_blob invalid key type 01 Jan 2010 05 56 34 SSHD E ERROR SSH error b...

Страница 230: ...rs Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example The following example provides information about the SYSLOG servers console show syslog servers Device Configuration IP address Port Facility Severity Description 1 1 1 121 514 local7 info 3000 100 514 local7 info ...

Страница 231: ...Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode Example The following example displays RMON Ethernet statistics for gigabitethernet port gi1 console show rmon statistics gi1 Port gi1 Dropped 0 Octets 0 Packets 0 Broadcast 0 Multicast 0 CRC Align Errors 0 Collisions 0 Undersize Pkts 0 Oversize Pkts 0 Fragments 0 Jabbe...

Страница 232: ... to the broadcast address This does not include multicast packets Multicast The total number of good packets received and directed to a multicast address This number does not include packets directed to the broadcast address CRC Align Errors The total number of packets received with a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but with either a b...

Страница 233: ...nment Error 64 Octets The total number of packets including bad packets received that are 64 octets in length excluding framing bits but including FCS octets 65 to 127 Octets The total number of packets including bad packets received that are between 65 and 127 octets in length inclusive excluding framing bits but including FCS octets 128 to 255 Octets The total number of packets including bad pac...

Страница 234: ...r of buckets specified for the RMON collection history group of statistics If unspecified defaults to 50 Range 1 50 interval seconds The number of seconds in each polling cycle If unspecified defaults to 1800 Range 1 3600 Command Mode Interface Configuration Ethernet Port channel mode Cannot be configured for a range of interfaces range context 19 3 show rmon collection stats Use the show rmon col...

Страница 235: ...index Specifies the set of samples to display Range 1 65535 throughput Displays throughput counters errors Displays error counters other Displays drop and collision counters Console show rmon collection stats Index 1 2 Interface gi1 gi1 Interval 30 1800 Requested Samples 50 50 Granted Samples 50 50 Owner CLI Manager Field Description Index An index that uniquely identifies the entry Interface The ...

Страница 236: ... for index 1 Console show rmon history 1 throughput Sample Set 1 Interface gi1 Requested samples 50 Owner CLI Interval 1800 Granted samples 50 Maximum table size 500 Time Jan 18 2005 21 57 00 Jan 18 2005 21 57 30 Octets 30359596 2 28769630 4 Packets 357568 275686 Broadcas t 3289 2789 Multicast 7287 5878 Util 19 20 Console show rmon history 1 errors Sample Set 1 Interface gi1 Requested samples 50 O...

Страница 237: ...e and Time the entry is recorded Octets The total number of octets of data including those in bad packets and excluding framing bits but including FCS octets received on the network Packets The number of packets including bad packets received during this sampling interval Broadcast The number of good packets received during this sampling interval that were directed to the broadcast address Multica...

Страница 238: ...nts The total number of packets received during this sampling interval that were less than 64 octets in length excluding framing bits but including FCS octets and had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error It is normal for etherHistoryFragments to increment because it counts both runts whic...

Страница 239: ... 0 65535 fevent Specifies the index of the event triggered when a falling threshold is crossed Range 0 65535 type absolute delta Specifies the method used for sampling the selected variable and calculating the value to be compared against the thresholds The possible values are absolute Specifies that the selected variable value is compared directly with the thresholds at the end of the sampling in...

Страница 240: ...olute The default startup direction is rising falling If the owner name is not specified it defaults to an empty string Command Mode Global Configuration mode Example The following example configures an alarm with index 1000 MIB object ID D Link sampling interval 360000 seconds 100 hours rising threshold value 1000000 falling threshold value 1000000 rising threshold event index 10 falling threshol...

Страница 241: ...splay alarm configuration Syntax show rmon alarm number Parameters alarm number Specifies the alarm index Range 1 65535 Command Mode EXEC mode Example The following example displays RMON 1 alarms Console show rmon alarm 1 Console show rmon alarm table Index 1 2 3 OID 1 3 6 1 2 1 2 2 1 10 1 1 3 6 1 2 1 2 2 1 10 1 1 3 6 1 2 1 2 2 1 10 9 Owner CLI Manager CLI Field Description Index An index that uni...

Страница 242: ...od For example if the sample type is delta this value is the difference between the samples at the beginning and end of the period If the sample type is absolute this value is the sampled value at the end of the period Interval The interval in seconds over which the data is sampled and compared with the rising and falling thresholds Sample Type The method of sampling the variable and calculating t...

Страница 243: ...falling then a single rising alarm is generated If the first sample is less than or equal to the falling threshold and startup alarm is equal falling or rising falling then a single falling alarm is generated Rising Threshold The sampled statistic rising threshold When the current sampled value is greater than or equal to this threshold and the value at the last sampling interval is less than this...

Страница 244: ...ifies the SNMP community to which an SNMP trap is sent Octet string length 0 127 characters description text Specifies a comment describing this event Length 0 127 characters owner name Specifies the name of the person who configured this event Valid string Default Configuration If the owner name is not specified it defaults to an empty string Command Mode Global Configuration mode Example The fol...

Страница 245: ...me sent Jan 18 2006 23 58 17 Jan 18 2006 23 59 48 Field Description Index A unique index that identifies this event Description A comment describing this event Type The type of notification that the device generates about this event Can have the following values none log trap log trap In the case of log an entry is made in the log table for each event In the case of trap an SNMP trap is sent to on...

Страница 246: ...aximum size of RMON tables Use the no form of this command to return to the default configuration Syntax rmon table size history entries log entries no rmon table size history log Parameters history entries Specifies the maximum number of history table entries Range 20 270 log entries Specifies the maximum number of log table entries Range 20 100 Console show rmon log 1 Maximum table size 500 800 ...

Страница 247: ...story table size is 270 entries The default log table size is 200 entries Command Mode Global Configuration mode User Guidelines The configured table size takes effect after the device is rebooted Example The following example configures the maximum size of RMON history tables to 100 entries Console config rmon table size history 100 ...

Страница 248: ...1x default Parameters method1 method2 Specify at least one method from the following list Default Configuration The default method is Radius Command Mode Global Configuration mode User Guidelines You can select either authentication by a RADIUS server no authentication none or both methods If both RADIUS and none are selected authentication begins with the RADIUS server If no RADIUS server answers...

Страница 249: ...f this command to restore the default configuration Syntax dot1x system auth control no dot1x system auth control Default Configuration All the ports are in FORCE_AUTHORIZED state Command Mode Global Configuration mode Example The following example enables 802 1x globally Console config dot1x system auth control 20 3 dot1x port control Use the dot1x port control Interface Configuration Ethernet mo...

Страница 250: ...ort to transition to the unauthorized state and ignoring all attempts by the client to authenticate The device cannot provide authentication services to the client through the interface time range time range name Specifies a time range When the Time Range is not in effect the port state is Unauthorized Range 1 32 characters Default Configuration The port is in the force authorized state Command Mo...

Страница 251: ... Periodic re authentication is disabled Command Mode Interface configuration Ethernet Example console config interface gi1 console config if dot1x reauthentication 20 5 dot1x timeout reauth period Use the dot1x timeout reauth period Interface Configuration mode command to set the number of seconds between re authentication attempts Use the no form of this command to return to the default setting S...

Страница 252: ...wing a failed authentication exchange for example the client provided an invalid password Use the no form of this command to restore the default configuration Syntax dot1x timeout quiet period seconds no dot1x timeout quiet period Parameters seconds Specifies the time interval in seconds that the device remains in a quiet state following a failed authentication exchange with the client Range 30 65...

Страница 253: ...f dot1x timeout quiet period 3600 20 7 dot1x timeout tx period Use the dot1x timeout tx period Interface Configuration Ethernet mode command to set the time interval during which the device waits for a response to an Extensible Authentication Protocol EAP request identity frame from the client before resending the request Use the no form of this command to restore the default configuration Syntax ...

Страница 254: ...od 3600 20 8 dot1x max req Use the dot1x max req Interface Configuration mode command to set the maximum number of times that the device sends an Extensible Authentication Protocol EAP request identity frame assuming that no response is received to the client before restarting the authentication process Use the no form of this command to restore the default configuration Syntax dot1x max req count...

Страница 255: ...e dot1x timeout supp timeout Interface Configuration Ethernet mode command to set the time interval during which the device waits for a response to an Extensible Authentication Protocol EAP request frame from the client before resending the request Use the no form of this command to restore the default configuration Syntax dot1x timeout supp timeout seconds no dot1x timeout supp timeout Parameters...

Страница 256: ...5 Console config if dot1x timeout supp timeout 3600 20 10 dot1x timeout server timeout Use the dot1x timeout server timeout Interface Configuration Ethernet mode command to set the time interval during which the device waits for a response from the authentication server Use the no form of this command to restore the default configuration Syntax dot1x timeout server timeout seconds no dot1x timeout...

Страница 257: ...er timeout command and selecting the lower of the two values Example The following example sets the time interval between retransmission of packets to the authentication server to 3600 seconds Console config interface gi15 Console config if dot1x timeout server timeout 3600 20 11 show dot1x Use the show dot1x Privileged EXEC mode command to display the 802 1x device or specified interface status S...

Страница 258: ... gi4 gi5 Admin Mode Auto Auto Auto Force auth Force auth Oper Mode Authorized Authorized Unauthorized Authorized Unauthorized Reauth Control Ena Ena Ena Dis Dis Reauth Period 3600 3600 3600 3600 3600 Username Bob John Clark n a n a Port is down or not present Console show dot1x interface gi3 802 1x is enabled Port gi3 Admin Mode Auto Oper Mode Unauthorized Reauth Control Ena Reauth Period 3600 Use...

Страница 259: ...entication Method Termination Cause 30 Seconds 08 19 17 00 08 78 32 98 78 Remote Supplicant logoff Authenticator State Machine State HELD Backend State Machine State Authentication success Authentication fails IDLE 9 1 Field Description Port The port number Admin mode The port administration configured mode Possible values Force auth Force unauth Auto Oper mode The port operational actual mode Pos...

Страница 260: ...rame assuming that no response is received to the client before restarting the authentication process Supplicant timeout The number of seconds that the device waits for a response to an EAP request frame from the client before resending the request Server timeout The number of seconds that the device waits for a response from the authentication server before resending the request Session Time The ...

Страница 261: ...how dot1x users Use the show dot1x users Privileged EXEC mode command to display active 802 1x authenticated users for the device Syntax show dot1x users username username Parameters username Specifies the supplicant username Length 1 160 characters Command Mode Privileged EXEC mode ...

Страница 262: ...d Address gi1 Bob 1d 03 08 58 Remote 0008 3b79 8787 3 gi2 John 08 19 17 None 0008 3b89 3127 2 OK Port Username Session Auth MAC VLAN Filter Time Method Address gi1 Bob 1d 09 07 38 Remote 0008 3b79 8787 3 OK gi1 Bernie 03 08 58 Remote 0008 3b79 3232 9 OK gi2 John 08 19 17 Remote 0008 3b89 3127 2 gi3 Paul 02 12 48 Remote 0008 3b89 8237 8 Warning Switch show dot1x users username Bob Port Username Ses...

Страница 263: ...ort Command Mode Privileged EXEC mode Example The following example displays 802 1x statistics for gi1 Console show dot1x statistics interface gi1 EapolFramesRx 11 EapolFramesTx 12 EapolStartFramesRx 1 EapolLogoffFramesRx 1 EapolRespIdFramesRx 3 EapolRespFramesRx 6 EapolReqIdFramesTx 3 EapolReqFramesTx 6 InvalidEapolFramesRx 0 EapLengthErrorFramesRx 0 LastEapolFrameVersion 1 LastEapolFrameSource 0...

Страница 264: ...y this Authenticator EapolRespFramesRx The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator EapolReqIdFramesTx The number of EAP Req Id frames that have been transmitted by this Authenticator EapolReqFramesTx The number of EAP Request frames other than Req Id frames that have been transmitted by this Authenticator InvalidEapolFramesRx The ...

Страница 265: ...n N A Command Mode Privileged EXEC User Guidelines The command clears the statistics displayed in the show dot1x statistics command Example console clear dot1x statistics 20 15 dot1x host mode Use the dot1x host mode Interface Configuration mode command to allow a single host client or multiple hosts on an IEEE 802 1x authorized port Use the no form of this command to return to the default setting...

Страница 266: ...g is based on the source MAC address only Port security on a port cannot be enabled in single host mode and in multiple sessions mode It is recommended to enable reauthentication when working in multiple sessions mode in order to detect User Logout for users that hadn t sent Logoff Example console config interface gi1 console config if dot1x host mode multi host console config if dot1x host mode s...

Страница 267: ...wn the port trap seconds Send SNMP traps and specifies the minimum time between consecutive traps If seconds 0 traps are disabled If the parameter is not specified it defaults to 1 second for the restrict mode and 0 for the other modes Default Configuration Protect Command Mode Interface Configuration Ethernet mode User Guidelines The command is relevant only for single host mode BPDU message whos...

Страница 268: ...thorized users on an interface to access the guest VLAN If the guest VLAN is defined and enabled the port automatically joins the guest VLAN when the port is unauthorized and leaves it when the port becomes authorized To be able to join or leave the guest VLAN the port should not be a static member of the guest VLAN Example The following example defines VLAN 2 as a guest VLAN Console config interf...

Страница 269: ...elevant if the guest VLAN is enabled on the port Configuring the timeout adds delay from enabling 802 1X or port up to the time the device adds the port to the guest VLAN Example The following example sets the delay between enabling 802 1x and adding a port to a guest VLAN to 60 seconds Console config dot1x guest vlan timeout 60 20 19 dot1x guest vlan enable Use the dot1x guest vlan enable Interfa...

Страница 270: ...terface gi15 Console config if dot1x guest vlan enable 20 20 dot1x mac authentication Use the dot1x mac authentication Interface Configuration Ethernet mode command to enable authentication based on the station s MAC address Use the no form of this command to disable access Syntax dot1x mac authentication mac only mac and 802 1x no dot1x mac authentication Parameters mac only Enables authenticatio...

Страница 271: ...ed when working in this mode Example The following example enables authentication based on the station s MAC address on gi1 Console config interface gi1 Console config if dot1x mac authentication mac only 20 21 show dot1x advanced Use the show dot1x advanced Privileged EXEC mode command to display 802 1x advanced features for the device or specified interface Syntax show dot1x advanced interface i...

Страница 272: ... VLAN Authentication gi1 Disabled Enabled MAC and 802 1X gi2 Enabled Disabled Disabled Switch show dot1x advanced gi1 Interface Multiple Guest MAC Hosts VLAN Authentication gi1 Disabled Enabled MAC and 802 1X Legacy Supp mode is disabled Policy assignment resource err handling Accept Single host parameters Violation action Discard Trap Enabledx Status Single host locked Violations since last trap ...

Страница 273: ... can be one of the following types Ethernet port or Port channel Example For Gigabit Ethernet ports console config interface gi1 20 Example For Fast Ethernet ports console config interface fa1 2 Example For Port Channels LAGs console config interface port channel 1 21 2 interface range Use the interface range command to execute a command on multiple ports at the same time Syntax interface range in...

Страница 274: ... 3 shutdown Use the shutdown Interface Configuration Ethernet Port channel mode command to disable an interface Use the no form of this command to restart a disabled interface Syntax shutdown no shutdown Default Configuration The interface is enabled Command Mode Interface Configuration Ethernet Port channel mode Example Example 1 The following example disables gi5 operations Console config interf...

Страница 275: ... description of the port to assist the user Length 1 64 characters Default Configuration The interface does not have a description Command Mode Interface Configuration Ethernet Port channel mode Example The following example adds the description SW 3 to gi5 Console config interface gi5 Console config if description SW 3 21 5 speed Use the speed Interface Configuration Ethernet Port channel mode co...

Страница 276: ...and in a Port channel context returns each port in the Port channel to its maximum capability Example The following example configures the speed of gi5 to 100 Mbps operation Console config interface gi5 Console config if speed 100 21 6 duplex Use the duplex Interface Configuration Ethernet Port channel mode command to configure the full half duplex operation of a given Ethernet interface when not ...

Страница 277: ...ation Use the negotiation Interface Configuration Ethernet Port channel mode command to enable auto negotiation operation for the speed and duplex parameters of a given interface Use the no form of this command to disable auto negotiation Syntax negotiation capability capability2 capability5 no negotiation Parameters capability Specifies the capabilities to advertise Possible values 10h 10f 100h 1...

Страница 278: ...figure the flow control on a given interface Use the no form of this command to disable flow control Syntax flowcontrol auto on off no flowcontrol Parameters auto Specifies auto negotiation on Enables flow control off Disables flow control Default Configuration Flow control is disabled Command Mode Interface Configuration Ethernet Port channel mode User Guidelines Use the negotiation command to en...

Страница 279: ... mdix on auto no mdix Parameters on Enables manual MDIX auto Enables automatic MDI MDIX Default Configuration The default setting is On Command Mode Interface Configuration Ethernet mode Example The following example enables automatic crossover on port gi5 Console config interface gi5 Console config if mdix auto 21 10 back pressure Use the back pressure Interface Configuration Ethernet mode comman...

Страница 280: ...essure on port gi5 Console config interface gi5 Console config if back pressure 21 11 port jumbo frame Use the port jumbo frame Global Configuration mode command to enable jumbo frames on the device Use the no form of this command to disable jumbo frames Syntax port jumbo frame no port jumbo frame Default Configuration Jumbo frames are disabled on the device Command Mode Global Configuration mode ...

Страница 281: ...yntax show interfaces counters interface id detailed Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel detailed Displays information for non present ports in addition to present ports Command Mode EXEC mode Example The following example clears the statistics counters for gi5 Console clear counters gi5 21 13 set interf...

Страница 282: ...e The following example reactivates gi1 Console set interface active gi1 21 14 show interfaces configuration Use the show interfaces configuration EXEC mode command to display the configuration for all configured interfaces or for a specific interface Syntax show interfaces configuration interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following typ...

Страница 283: ...aces status Use the show interfaces status EXEC mode command to display the status of all configured interfaces or of a specific interface Syntax show interfaces status interface id detailed Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel detailed Displays information for non present ports in addition to present por...

Страница 284: ...vertise EXEC mode command to display auto negotiation advertisement information for all configured interfaces or for a specific interface Syntax show interfaces advertise interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode Examples The following examples display auto negotiation infor...

Страница 285: ... interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Console show interfaces advertise gi1 Port gi1 Type 1G Copper Link state Up Auto Negotiation enabled Admin Local link Advertisement Oper Local link Advertisement Remote Local link Advertisement Priority Resolution 10h yes yes no 10f yes yes no 100 h yes yes yes 100f yes yes yes ...

Страница 286: ...raffic seen by all the physical interfaces or by a specific interface Syntax show interfaces counters interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode Example The following example displays traffic seen by all the physical interfaces Console show interfaces description Port gi1 gi2...

Страница 287: ... 0 0 0 0 Port OutUcastPkts OutMcastPkts OutBcastPkts OutOctets gi1 0 1 35 7051 Alignment Errors 0 FCS Errors 0 Single Collision Frames 0 Multiple Collision Frames 0 SQE Test Errors 0 Deferred Transmissions 0 Late Collisions 0 Excessive Collisions 0 Carrier Sense Errors 0 Oversize Packets 0 Internal MAC Rx Errors 0 Symbol Errors 0 Received Pause Frames 0 Transmitted Pause Frames 0 ...

Страница 288: ...S check Single Collision Frames The number of frames that are involved in a single collision and are subsequently transmitted successfully Multiple Collision Frames The number of frames that are involved in more than one collision and are subsequently transmitted successfully SQE Test Errors The number of times that the SQE TEST ERROR is received The SQE TEST ERROR is set in accordance with the ru...

Страница 289: ... show port jumbo frame Jumbo frames are disabled Jumbo frames will be enabled after reset Oversize Packets The number of frames received that exceed the maximum permitted frame size Internal MAC Rx Errors The number of frames for which reception fails due to an internal MAC sublayer receive error Received Pause Frames The number of MAC Control frames received with an opcode indicating the PAUSE op...

Страница 290: ...second of broadcast traffic on a port Range 70 1000000 Default Configuration 1000 Command Mode Interface Configuration mode Ethernet User Guidelines Use the storm control broadcast enable Interface Configuration command to enable storm control The calculated rate includes the 20 bytes of Ethernet framing overhead preamble SFD IPG Example console config interface gi1 console config if storm control...

Страница 291: ...0000 Default Configuration level 10 kbps 10 of port speed in Kbps Command Mode Interface Configuration mode Ethernet User Guidelines Use the storm control broadcast enable Interface Configuration command to enable storm control The calculated rate includes the 20 bytes of Ethernet framing overhead preamble SFD IPG The command smartport storm control broadcast level has the same functionality excep...

Страница 292: ...trol include multicast Parameters N A unknown unicast Specifies also the count of unknown unicast packets Default Configuration Disabled Command Mode Interface Configuration mode Ethernet User Guidelines The command smartport storm control include multicast has the same functionality except that it does not return an error and does not configure anything when executing it for a port channel Exampl...

Страница 293: ...rameters interface id Specifies the interface Command Mode EXEC mode Example console show storm control Port State Admin Rate Oper Rate Included Kb Sec gi1 Enabled 12345 Kb Sec 12345 Broadcast Multicast Unknown Unicast gi2 Disabled 100000 Kb Sec 100000 Broadcast gi3 Enabled 10 000000 Broadcast ...

Страница 294: ...interface id Parameters interface id Specify an interface ID The interface ID must be an Ethernet port Command Mode EXEC mode User Guidelines The port must be active and working at 100 M or 1000 M Example The following example displays the estimated copper cable length attached to all ports 22 2 show fiber ports optical transceiver Use the show fiber ports optical transceiver EXEC mode command to ...

Страница 295: ...cs results console show fiber ports optical transceiver Port Temp Voltage Current Output Input LOS Power Power gi1 W OK OK OK OK OK gi2 OK OK OK E OK OK Temp Internally measured transceiver temperature Voltage Internally measured supply voltage Current Measured TX bias current Output Power Measured TX output power in milliWatts Input Power Measured RX received power in milliWatts LOS Loss of signa...

Страница 296: ...o gi8 29 3 33 6 50 3 53 3 71 No Temp Internally measured transceiver temperature Voltage Internally measured supply voltage Current Measured TX bias current Output Power Measured TX output power in milliWatts Input Power Measured RX received power in milliWatts LOS Loss of signal N A Not Available N S Not Supported W Warning E Error ...

Страница 297: ...he device discovery protocol and stops supplying power to the device Default Configuration The default configuration is set to auto Command Mode Interface Configuration Ethernet mode Example The following example turns on the device discovery protocol on port 4 Console config interface gi4 Console config if power inline auto 23 2 power inline priority Use the power inline priority Interface Config...

Страница 298: ...ple The following example sets the inline power management priority of gigabitethernet port 4 to High Console config interface gi4 Console config if power inline priority high 23 3 power inline usage threshold Use the power inline usage threshold Global Configuration mode command to configure the threshold for initiating inline power usage alarms Use the no form of this command to restore the defa...

Страница 299: ...obal Configuration mode command to enable inline power traps Use the no form of this command to disable traps Syntax power inline traps enable no power inline traps enable Default Configuration Inline power traps are disabled Command Mode Global Configuration mode Example The following example enables inline power traps Console config power inline traps enable 23 5 power inline limit Use the power...

Страница 300: ...e following example sets inline power on a port console config interface gi1 console config if power inline limit 2222 23 6 power inline limit mode Use the power inline limit mode Global Configuration mode command to set the power limit mode of the system Use the no form of this command to return to default Syntax power inline limit mode class port no power inline limit mode Parameters class The p...

Страница 301: ... power for all interfaces or for a specific interface Syntax show power inline interface id Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port Default Configuration There is no default configuration for this command Command Mode EXEC mode Example The following example displays information about the inline power for all ports port power based console config ...

Страница 302: ...W Power limit for port power limit mode 15 W The following table describes the fields shown in the display Field Description Power The inline power sourcing equipment operational status Nominal Power The inline power sourcing equipment nominal power in Watts Consumed Power The measured usage power in Watts Usage Threshold The usage threshold expressed in percent for comparing the measured power an...

Страница 303: ...mation about the inline power consumption for all interfaces or for a specific interface Priority The port inline power management priority The possible values are Critical High or Low Status Describes the port inline power operational state The possible values are On Off Test Fail Testing Searching or Fault Class The power consumption classification of the powered device Overload Counter Counts t...

Страница 304: ...ace ID The interface ID must be an Ethernet port Default Configuration There is no default configuration for this command Command Mode EXEC mode Example The following example displays information about the inline power consumption Console show power inline consumption Port gi1 gi2 gi3 Power Limit W 15 4 15 4 15 4 Power W 4 115 4 157 4 021 Voltage V 50 8 50 7 50 9 Current mA 81 82 79 ...

Страница 305: ...the other end of the link must also support EEE and have it enabled In addition for EEE to work properly Auto Negotaition must be enabled however if the port speed is negotiated 1Giga EEE always works regardless of the auto negotiation status meaning enable or disable If Auto Negotiation is not enabled on the port and its speed is less than 1 Giga the EEE Operational status is disabled 24 2 eee en...

Страница 306: ... eee lldp enable Interface Configuration command to enable EEE support by LLDP on an Ethernet port Use the no format of the command to disable the support Syntax eee lldp enable no eee lldp enable Parameters N A Default Configuration Enabled Command Mode Interface Configuration mode Ethernet User Guidelines Enabling EEE LLDP advertisement allows devices to choose and change system wake up times in...

Страница 307: ...nistrate status is enabled on ports gi1 6 gi7 EEE Operational status is enabled on ports gi1 gi3 6 gi2 gi5 EEE LLDP Administrate status is enabled on ports gi1 5 EEE LLDP Operational status is enabled on ports gi1 5 Example 2 Port in state notPresent no information if port supports EEE Switch show eee gi10 Port Status notPresent EEE Administrate status enabled EEE LLDP Administrate status enabled ...

Страница 308: ... Speed 1G EEE supported Current port speed 1Gbps EEE Administrate status enabled EEE LLDP Administrate status enabled Example 5 Neighbor does not support EEE Switch show eee gi5 Port Status UP EEE capabilities Speed 10M EEE not supported Speed 100M EEE supported Speed 1G EEE supported Current port speed 1Gbps EEE Remote status disabled EEE Administrate status enabled EEE Operational status disable...

Страница 309: ...t EEE LLDP is disabled Switch show eee gi2 Port Status UP EEE capabilities Speed 10M EEE not supported Speed 100M EEE supported Speed 1G EEE supported Current port speed 1Gbps EEE Remote status enabled EEE Administrate status enabled EEE Operational status enabled EEE LLDP Administrate status disabled EEE LLDP Operational status disabled Resolved Tx Timer 10usec Local Tx Timer 10 usec Resolved Tim...

Страница 310: ... Rx Timer 5 usec Resolved Timer 25 usec Local Rx Timer 20 usec Remote Tx Timer 25 usec Example 9 EEE is running on the port EEE LLDP enabled but not synchronized with remote link partner Switch show eee gi9 Port Status up EEE capabilities Speed 10M EEE not supported Speed 100M EEE supported Speed 1G EEE supported Current port speed 1Gbps EEE Remote status enabled EEE Administrate status enabled EE...

Страница 311: ...d 10M EEE not supported Speed 100M EEE supported Speed 1G EEE supported Current port speed 1Gbps EEE Remote status enabled EEE Administrate status enabled EEE Operational status enabled EEE LLDP Administrate status enabled EEE LLDP Operational status enabled Resolved Tx Timer 10usec Local Tx Timer 10 usec Remote Rx Timer 5 usec Resolved Timer 25 usec Local Rx Timer 20 usec Remote Tx Timer 25 usec ...

Страница 312: ...tax green ethernet energy detect no green ethernet energy detect Parameters N A Default Configuration Enabled Command Mode Global Configuration mode Example console config green ethernet energy detect 25 2 green ethernet energy detect interface Use the green ethernet energy detect Interface configuration mode command to enable green ethernet Energy Detect mode on an interface use the no form of th...

Страница 313: ... 5 seconds to fall into sleep mode when the link is lost after normal operation Example console config interface gi1 console config if green ethernet energy detect 25 3 show green ethernet Use the show green ethernet Privileged EXEC mode command to show green ethernet configuration and information Syntax show green ethernet interface id Parameters interface id Specifies an interface ID The interfa...

Страница 314: ...ed Short Reach mode Disabled Power Consumption 76 3 31W out of maximum 4 33W Cumulative Energy Saved 33 Watt Hour Short Reach cable length threshold 50m Energy detect Non operational Reasons Priority Reason Description 1 NP Port is not present 2 LT Link Type is not supported fiber auto media select 3 LU Port Link is up NA Short Reach Non operational Reasons Priority Reason Description 1 NP Port is...

Страница 315: ... command to enable green ethernet short reach mode globally Use the no form of this command to disabled it Syntax green ethernet short reach no green ethernet short reach Parameters N A Default Configuration Disabled Command Mode Global Configuration mode Example console config green ethernet short reach 25 5 green ethernet short reach interface Use the green ethernet short reach Interface Configu...

Страница 316: ...per or the link speed is not 1000 Mbps and short reach mode is not forced by green ethernet short reach force Short Reach mode is not applied When the interface is set to enhanced mode after the VCT length check has completed and set the power to low an active monitoring for errors is done continuously In the case of errors crossing a certain threshold the PHY will be reverted to long reach Note t...

Страница 317: ...Green Ethernet 78 20269 01 Command Line Interface Reference Guide 318 25 Syntax green ethernet power meter reset Command Mode Privileged EXEC mode Example console config green ethernet power meter reset ...

Страница 318: ...nel Specifies the port channel number for the current port to join mode on auto Specifies the mode of joining the port channel The possible values are on Forces the port to join a channel without an LACP operation auto Forces the port to join a channel as a result of an LACP operation Default Configuration The port is not assigned to a port channel Command Mode Interface Configuration Ethernet mod...

Страница 319: ...on MAC address src dst mac ip Port channel load balancing is based on the source and destination of MAC and IP addresses Default Configuration src dst mac is the default option Command Mode Global Configuration mode User Guidelines In src dst mac ip port load balancing policy fragmented packets might be reordered Example console config port channel load balance src dst mac console config port chan...

Страница 320: ... example displays information on all port channels console show interfaces port channel Load balancing src dst mac Gathering information Channel Ports Po1 Active gi1 Inactive gi2 3 Po2 Active gi5 Inactive gi4 console show interfaces switchport gi1 Gathering information Name gi1 Switchport enable Administrative Mode access Operational Mode down Access Mode VLAN 1 Access Multicast TV VLAN none Trunk...

Страница 321: ...idden VLANs none General Ingress Filtering enabled General Acceptable Frame Type all General GVRP status disabled Customer Mode VLAN none Private vlan promiscuous association primary VLAN none Private vlan promiscuous association Secondary VLANs Enabled none Private vlan host association primary VLAN none Private vlan host association Secondary VLAN Enabled none DVA disable ...

Страница 322: ...rts Command Mode Global Configuration mode User Guidelines If multicast devices exist on the VLAN do not change the unregistered multicast addresses states to drop on the device ports If multicast devices exist on the VLAN and IGMP snooping is not enabled the bridge multicast forward all command should be used to enable forwarding all multicast packets to the multicast switches Example The followi...

Страница 323: ...ss and IPv4 source address for IPv4 packets Default Configuration The default mode is mac group Command Mode Interface Configuration VLAN mode User Guidelines Use the mac group mode when using a Network Management System that uses a MIB based on the multicast MAC address Otherwise it is recommended to use the ipv4 group or ipv4 src group mode because there is no overlapping of IPv4 multicast addre...

Страница 324: ...4 group Example The following example configures the multicast bridging mode as ipv4 group on VLAN 2 Console config interface vlan 2 Console config if bridge multicast mode ipv4 group 27 3 bridge multicast address Use the bridge multicast address Interface Configuration VLAN mode command to register a MAC layer multicast address in the bridge table and statically add or remove ports to or from the...

Страница 325: ...annels Default Configuration No multicast addresses are defined If ethernet interface list or port channel port channel list is specified without specifying add or remove the default option is add Command Mode Interface Configuration VLAN mode User Guidelines To register the group in the bridge database without adding or removing ports or port channels specify the mac multicast address parameter o...

Страница 326: ...multicast forbidden address mac multicast address Parameters mac multicast address Specifies the group MAC multicast address add Forbids adding ports to the group remove Forbids removing ports from the group ethernet interface list Specifies a list of Ethernet ports Separate nonconsecutive Ethernet ports with a comma and no spaces Use a hyphen to designate a range of ports port channel port channe...

Страница 327: ...of this command to unregister the IP address Syntax bridge multicast ip address ip multicast address add remove ethernet interface list port channel port channel list no bridge multicast ip address ip multicast address Parameters ip multicast address Specifies the group IP multicast address add Adds ports to the group remove Removes ports from the group ethernet interface list Specifies a list of ...

Страница 328: ...st ip address 239 2 2 2 The following example registers the IP address and adds ports statically Console config interface vlan 8 Console config if bridge multicast ip address 239 2 2 2 add gi9 27 6 bridge multicast forbidden ip address Use the bridge multicast forbidden ip address Interface Configuration VLAN mode command to forbid adding or removing a specific IP multicast address to or from spec...

Страница 329: ...ode Interface Configuration VLAN mode User Guidelines Before defining forbidden ports the multicast group should be registered You can execute the command before the VLAN is created Example The following example registers IP address 239 2 2 2 and forbids the IP address on port gi9 within VLAN 8 Console config interface vlan 8 Console config if bridge multicast ip address 239 2 2 2 Console config i...

Страница 330: ...terface list Specifies a list of Ethernet ports Separate nonconsecutive Ethernet ports with a comma and no spaces Use a hyphen to designate a range of ports port channel port channel list Specifies a list of port channels Separate nonconsecutive port channels with a comma and no spaces use a hyphen to designate a range of port channels Default Configuration No multicast addresses are defined The d...

Страница 331: ...cifies the source IP address ip multicast address Specifies the group IP multicast address add Forbids adding ports to the group for the specific source IP address remove Forbids removing ports from the group for the specific source IP address ethernet interface list Specifies a list of Ethernet ports Separate nonconsecutive Ethernet ports with a comma and no spaces Use a hyphen to designate a ran...

Страница 332: ...guration VLAN mode command to configure the multicast bridging mode for ipv6 multicast packets Use the no form of this command to return to the default configuration Syntax bridge multicast ipv6 mode mac group ip group ip src group no bridge multicast ipv6 mode Parameters mac group Specifies that multicast bridging is based on the packet s VLAN and MAC address ip group Specifies that multicast bri...

Страница 333: ...e port is added to the S G entries if they exist that belong to the requested group If an application on the device requests G the operating FDB mode is changed to ip group You can execute the command before the VLAN is created Example The following example configures the Multicast bridging mode as ip group on VLAN 2 Console config interface vlan 2 Console config if bridge multicast ipv6 mode ip g...

Страница 334: ...ifies the group IPv6 multicast address add Adds ports to the group remove Removes ports from the group ethernet interface list Specifies a list of Ethernet ports Separate nonconsecutive Ethernet ports with a comma and no spaces use a hyphen to designate a range of ports port channel port channel list Specifies a list of port channels Separate nonconsecutive port channels with a comma and no spaces...

Страница 335: ...icast ipv6 forbidden ip address Interface Configuration VLAN mode command to forbid adding or removing a specific IPv6 multicast address to or from specific ports To restore the default configuration use the no form of this command Syntax bridge multicast ipv6 forbidden ip address ipv6 multicast address add remove ethernet interface list port channel port channel list no bridge multicast ipv6 forb...

Страница 336: ...he IPv6 address on port gi9 within VLAN 8 console config interface vlan 8 Console config if bridge multicast ipv6 ip address FF00 0 0 0 4 4 4 Console config if bridge multicast ipv6 forbidden ip address FF00 0 0 0 4 4 4 add gi9 27 12 bridge multicast ipv6 source group Use the bridge multicast ipv6 source group Interface Configuration VLAN mode command to register a source IPv6 address multicast IP...

Страница 337: ...ort channels with a comma and no spaces Use a hyphen to designate a range of port channels Default Configuration No multicast addresses are defined If ethernet interface list or port channel port channel list is specified without specifying add or remove the default option is add You can execute the command before the VLAN is created Command Mode Interface Configuration VLAN mode Example The follo...

Страница 338: ...cast address add Forbids adding ports to the group for the specific source IPv6 address remove Forbids removing ports from the group for the specific source IPv6 address ethernet interface list Specifies a list of Ethernet ports Separate nonconsecutive Ethernet ports with a comma and no spaces Use a hyphen to designate a range of ports port channel port channel list Specifies a list of port channe...

Страница 339: ... Ethernet Port Channel mode command to configure the forwarding state of unregistered multicast addresses Use the no form of this command to restore the default configuration Syntax bridge multicast unregistered forwarding filtering no bridge multicast unregistered Parameters forwarding Forwards unregistered multicast packets filtering Filters unregistered multicast packets Default Configuration U...

Страница 340: ... restore the default configuration Syntax bridge multicast forward all add remove ethernet interface list port channel port channel list no bridge multicast forward all Parameters add Forces forwarding of all multicast packets remove Does not force forwarding of all multicast packets ethernet interface list Specifies a list of Ethernet ports Separate nonconsecutive Ethernet ports with a comma and ...

Страница 341: ...icast forbidden forward all add remove ethernet interface list port channel port channel list no bridge multicast forbidden forward all Parameters add Forbids forwarding of all multicast packets remove Does not forbid forwarding of all multicast packets ethernet interface list Specifies a list of Ethernet ports Separate nonconsecutive Ethernet ports with a comma and no spaces Use a hyphen to desig...

Страница 342: ... of this command to delete the MAC address Syntax mac address table static mac address vlan vlan id interface interface id permanent delete on reset delete on timeout secure no mac address table static mac address vlan vlan id Parameters mac address AC address Range Valid MAC address vlan id Specify the VLAN interface id Specify an interface ID The interface ID can be one of the following types Et...

Страница 343: ... secure entries from the forwarding database Syntax clear mac address table dynamic interface interface id clear mac address table secure interface interface id Parameters interface interface id Delete all dynamic address on the specified interface The interface ID can be one of the following types Ethernet port or port channel Command Mode Privileged EXEC mode Example console clear mac address ta...

Страница 344: ...n Ethernet Port channel mode command to enable port security on an interface Use the no form of this command to disable port security on an interface Syntax port security forward discard discard shutdown trap seconds no port security Parameters forward Forwards packets with unlearned source addresses but does not learn the address discard Discards packets with unlearned source addresses discard sh...

Страница 345: ...ity forward trap 100 27 21 port security mode Use the port security mode Interface Configuration Ethernet port channel mode command configures the port security learning mode Use the no form of this command to restore the default configuration Syntax port security mode lock max addresses no port security mode Parameters lock Saves the current dynamic MAC addresses associated with the port and disa...

Страница 346: ...nfigure the maximum number of addresses that can be learned on the port while the port is in port security max addresses mode Use the no form of this command to restore the default configuration Syntax port security max max addr no port security max Parameters max addr Specifies the maximum number of addresses that can be learned on the port Range 0 256 Default Configuration This default maximum n...

Страница 347: ... MAC address table entries static Displays only static MAC address table entries secure Displays only secure MAC address table entries vlan Specifies VLAN such as VLAN 1 interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or port channel mac address MAC address Default Configuration If no parameters are entered the entire table is displayed Comma...

Страница 348: ...show mac address table 00 3f bd 45 5a b1 Aging time is 300 sec VLAN MAC Address Port Type 1 00 3f bd 45 5a b1 static gi9 27 24 show mac address table count Use the show mac address table count EXEC mode command to display the number of addresses present in the Forwarding Database Syntax show mac address table count vlan vlan interface interface id Parameters vlan Specifies VLAN interface id Specif...

Страница 349: ...083 Used 109 Static addresses 2 Secure addresses 1 Dynamic addresses 97 Internal addresses 9 27 25 show bridge multicast mode Use the show bridge multicast mode EXEC mode command to display the multicast bridging mode for all VLANs or for a specific VLAN Syntax show bridge multicast mode vlan vlan id Parameters vlan vlan id Specifies the VLAN ID Command Mode EXEC mode ...

Страница 350: ...ters vlan id Specifies the VLAN ID address mac multicast address ipv4 multicast address ipv6 multicast address Specifies the multicast address The possible values are mac multicast address Specifies the MAC multicast address ipv4 multicast address Specifies the IPv4 multicast address ipv6 multicast address Specifies the IPv6 multicast address format ip mac Specifies the multicast address format Th...

Страница 351: ...ange 0100 5e00 0000 through 0100 5e7f ffff Multicast Router ports defined statically or discovered dynamically are members in all MC groups Ports that were defined via bridge multicast forbidden forward all command are displayed in all forbidden MC entries Changing the multicast mode can move static multicast addresses that are written in the device FDB to a shadow configuration because of FDB has...

Страница 352: ...6 5 1 233 22 2 6 Multicast address table for VLANs in IPv4 SRC GROUP bridging mode Vlan Group Address Source address Type Ports 1 224 2 2 251 11 2 2 3 Dynamic gi1 Forbidden ports for multicast addresses Vlan Group Address Source Address Ports 8 239 2 2 2 gi9 8 239 2 2 2 1 1 1 11 gi9 Multicast address table for VLANs in IPv6 GROUP bridging mode VLAN IP MAC Address Type Ports 8 ff02 4 4 4 Static gi1...

Страница 353: ...multicast addresses Vlan Group Address Source address Ports 8 ff02 4 4 4 gi9 8 ff02 4 4 4 fe80 200 7ff f gi9 e00 200 27 27 show bridge multicast unregistered Use the show bridge multicast unregistered EXEC mode command to display the unregistered multicast filtering configuration Syntax show bridge multicast unregistered interface id Parameters interface id Specifies an interface ID The interface ...

Страница 354: ...ow ports security interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode Privileged EXEC mode Example The following example displays the port lock status of all ports console show ports security Port Status Learning Action Max Trap Frequency gi1 Enabled Max Discard 3 Enabled 100 Addresses Console ...

Страница 355: ...resses interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode Privileged EXEC mode Field Description Port The port number Status The port security status The possible values are Enabled or Disabled Mode The port security mode Action The action taken on violation Maximum The maximum number of addre...

Страница 356: ... sap llc snap pid Parameters mac multicast address MAC multicast address in the reserved MAC addresses range Range 01 80 C2 00 00 00 01 80 C2 00 00 02 01 80 C2 00 00 2F ethernet v2 ethtype Specifies that the packet type is Ethernet v2 and the Ethernet type field 16 bits in hexadecimal format Range 0x0600 0xFFFF llc sap Specifies that the packet type is LLC and the DSAP SSAP field 16 bits in hexade...

Страница 357: ...not specified the configuration is relevant to all the packets with the configured MAC address Specific configurations that contain service type have precedence over less specific configurations contain only MAC address The packets that are bridged are subject to security ACLs The actions define by this command has precedence over forwarding rules defined by applications protocols STP LLDP etc sup...

Страница 358: ...Address Table Commands 78 20269 01 Command Line Interface Reference Guide 359 27 01 80 C2 00 00 00LLC SNAP00 00 0C 01 29Bridge ...

Страница 359: ...ets only If no option is specified it monitors both rx and tx tx Monitors transmitted packets only If no option is specified it monitors both rx and tx vlan vlan id VLAN number src interface id Specifies an interface ID The interface ID must be and Ethernet port Default Configuration Monitors both received and transmitted packets Command Mode Interface Configuration Ethernet mode It cannot be conf...

Страница 360: ... be automatically removed from the default VLAN L2 protocols such as LLDP CDP LBD STP LACP are not active on the destination port The following restrictions apply to ports that are configured to be monitor ports The port cannot be source port The port is not a member in port channel Notes 1 In this mode some traffic duplication on the analyzer port may be observed For example Port 2 is being egres...

Страница 361: ...2 to destination port gi1 1 1 Console config interface gi1 1 1 Console config if port monitor gi1 1 2 28 2 show ports monitor Use the show ports monitor EXEC mode command to display the port monitoring status Syntax show ports monitor Command Mode EXEC mode Example The following example displays the port monitoring status Console show ports monitor Source port Destination Port Type Status gi1 1 8 ...

Страница 362: ...tree Default Configuration Spanning tree is enabled Command Mode Global Configuration mode Example The following example enables spanning tree functionality Console config spanning tree 29 2 spanning tree mode Use the spanning tree mode Global Configuration mode command to configure the spanning tree protocol currently running Use the no form of this command to restore the default configuration Sy...

Страница 363: ...ple The following example configures the spanning tree protocol as MSTP console config spanning tree mode mstp 29 3 spanning tree forward time Use the spanning tree forward time Global Configuration mode command to configure the spanning tree bridge forward time which is the amount of time a port remains in the listening and learning states before entering the forwarding state Use the no form of t...

Страница 364: ...spanning tree hello time Global Configuration mode command to configure the spanning tree bridge Hello time which is how often the device broadcasts Hello messages to other devices Use the no form of this command to restore the default configuration Syntax spanning tree hello time seconds no spanning tree hello time Parameters seconds Specifies the spanning tree Hello time in seconds Range 1 10 De...

Страница 365: ...re the spanning tree bridge maximum age Use the no form of this command to restore the default configuration Syntax spanning tree max age seconds no spanning tree max age Parameters seconds Specifies the spanning tree bridge maximum age in seconds Range 6 40 Default Configuration The default maximum age for IEEE Spanning Tree Protocol STP is 20 seconds Command Mode Global Configuration mode User G...

Страница 366: ... root bridge Use the no form of this command to restore the default device spanning tree priority Syntax spanning tree priority priority no spanning tree priority Parameters priority Specifies the bridge priority Range 0 61440 Default Configuration The default bridge priority for IEEE Spanning Tree Protocol STP is 32768 Command Mode Global Configuration mode User Guidelines The priority value must...

Страница 367: ...ation Spanning tree is enabled on all ports Command Mode Interface Configuration Ethernet port channel mode Example The following example disables the spanning tree on gi5 Console config interface gi5 Console config if spanning tree disable 29 8 spanning tree cost Use the spanning tree cost Interface Configuration Ethernet port channel mode command to configure the spanning tree path cost for a po...

Страница 368: ...cost 35000 29 9 spanning tree port priority Use the spanning tree port priority Interface Configuration Ethernet port channel mode command to configure the port priority Use the no form of this command to restore the default configuration Syntax spanning tree port priority priority no spanning tree port priority Parameters priority Specifies the port priority Range 0 240 Default Configuration The ...

Страница 369: ...st Interface Configuration Ethernet port channel mode command to enable the PortFast mode In PortFast mode the interface is immediately put into the forwarding state upon linkup without waiting for the standard forward time delay Use the no form of this command to disable the PortFast mode Syntax spanning tree portfast auto no spanning tree portfast Parameters auto Specifies that the software wait...

Страница 370: ...ate Use the no form of this command to restore the default configuration Syntax spanning tree link type point to point shared no spanning tree spanning tree link type Parameters point to point Specifies that the port link type is point to point shared Specifies that the port link type is shared Default Configuration The device derives the port link type from the duplex mode A full duplex port is c...

Страница 371: ... path costs are within the range 1 200 000 000 short Specifies that the default port path costs are within the range 1 65 535 Default Configuration Long path cost method Command Mode Global Configuration mode User Guidelines This command applies to all the spanning tree instances on the switch If the short method is chosen the switch use for the default cost values in the range 1 through 65 535 If...

Страница 372: ...ith the spanning tree disabled and BPDU handling mode of flooding Tagged BPDU packets are filtered bridging Specifies that BPDU packets whether untagged or tagged are flooded and are subject to ingress and egress VLAN rules when the spanning tree is disabled globally This mode is not relevant if the spanning tree is disabled only on a group of ports Default Configuration The default setting is flo...

Страница 373: ...ee bpdu Parameters filtering Specifies that BPDU packets are filtered when the spanning tree is disabled on an interface flooding Specifies that untagged BPDU packets are flooded unconditionally without applying VLAN rules to ports with the spanning tree disabled and BPDU handling mode of flooding Tagged BPDU packets are filtered Default Configuration The spanning tree bpdu Global command determin...

Страница 374: ...terface when it receives a bridge protocol data unit BPDU Use the no form of this command to restore the default configuration Syntax spanning tree bpduguard enable disable no spanning tree bpduguard Parameters enable Enables BPDU Guard disable Disables BPDU Guard Default Configuration BPDU Guard is disabled Command Mode Interface Configuration Ethernet Port channel mode User Guidelines The comman...

Страница 375: ...ies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode Privileged EXEC mode User Guidelines This feature should be used only when working in RSTP or MSTP mode Example console clear spanning tree detected protocols 29 17 spanning tree mst priority Use the spanning tree mst priority Global Configuration mode command to configure the device p...

Страница 376: ... value must be a multiple of 4096 The switch with the lowest priority is the root of the spanning tree Example The following example configures the spanning tree priority of instance 1 to 4096 Console config spanning tree mst 1 priority 4096 29 18 spanning tree mst max hops Use the spanning tree mst max hops Global Configuration mode command to configure the number of hops in an MST region before ...

Страница 377: ...ity Interface Configuration Ethernet port channel mode command to configure the priority of a port Use the no form of this command to restore the default configuration Syntax spanning tree mst instance id port priority priority no spanning tree mst instance id port priority Parameters instance id Specifies the spanning tree instance ID Range 1 15 priority Specifies the port priority Range 0 240 in...

Страница 378: ... path cost when selecting an interface to put in the forwarding state Use the no form of this command to restore the default configuration Syntax spanning tree mst instance id cost cost no spanning tree mst instance id cost Parameters instance id Specifies the spanning tree instance ID Range 1 15 cost Specifies the port path cost Range 1 200000000 Default Configuration Default path cost is determi...

Страница 379: ...tion mode command to enable configuring an MST region by entering the Multiple Spanning Tree MST mode Syntax spanning tree mst configuration Command Mode Global Configuration mode User Guidelines For two or more switches to be in the same MST region they need to contain the same VLAN mapping the same configuration revision number and the same name Example The following example configures an MST re...

Страница 380: ...ecify a series use a comma Range 1 4094 Default Configuration All VLANs are mapped to the common and internal spanning tree CIST instance instance 0 Command Mode MST Configuration mode User Guidelines All VLANs that are not explicitly mapped to an MST instance are mapped to the common and internal spanning tree CIST instance instance 0 and cannot be unmapped from the CIST For two or more devices t...

Страница 381: ...figuration name Length 1 32 characters Default Configuration The default name is the bridge MAC address Command Mode MST Configuration mode Example The following example defines the configuration name as Region1 Console config spanning tree mst configuration Console config mst name region1 29 24 revision MST Use the revision MST Configuration mode command to define the MST configuration revision n...

Страница 382: ...ation mode Example The following example sets the configuration revision to 1 Console config spanning tree mst configuration Console config mst revision 1 29 25 show MST Use the show MST Configuration mode command to displays the current or pending MST region configuration Syntax show current pending Parameters current Displays the current MST region configuration pending Displays the pending MST ...

Страница 383: ...ges Syntax exit Command Mode MST Configuration mode Example The following example exits the MST Configuration mode and saves changes Console config spanning tree mst configuration Console config mst exit 29 27 abort MST Use the abort MST Configuration mode command to exit the MST Configuration mode without applying the configuration changes Console config mst show pending Pending MST configuration...

Страница 384: ...g tree configuration Syntax show spanning tree interface id instance instance id show spanning tree detail active blockedports instance instance id show spanning tree mst configuration Parameters instance instance id Specifies the spanning tree instance ID Range 1 16 detail Displays detailed information active Displays active ports only blockedports Displays blocked ports only mst configuration Di...

Страница 385: ...spanning tree Console show spanning tree Spanning tree enabled mode RSTP Default port cost method long Loopback guard Disabled Root ID Priority Address Cost Port 32768 00 01 42 97 e0 00 20000 gi1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority Address 36864 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec ...

Страница 386: ... 128 2 128 3 128 4 128 5 Cost 20000 20000 20000 20000 20000 Sts FWD FWD BLK DIS Role Root Desg Altn PortFas t No No No Type P2p RSTP Shared STP Shared STP Console show spanning tree Spanning tree enabled mode RSTP Default port cost method long Root ID Priority Address 36864 00 02 4b 29 7a 00 This switch is the Root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces ...

Страница 387: ...0000 Sts FWD FWD FWD DIS Role Desg Desg Desg PortFas t No No No Type P2p RSTP Shared STP Shared STP Console show spanning tree Spanning tree disabled BPDU filtering mode RSTP Default port cost method long Root ID Priority Address Path Cost Root Port Hello Time N A N A N A N A N A Max Age N A Forward Delay N A Bridge ID Priority Address 36864 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forwar...

Страница 388: ... 20000 20000 20000 20000 20000 Sts Role PortFas t Type Console show spanning tree active Spanning tree enabled mode RSTP Default port cost method long Root ID Priority Address Path Cost Root Port 32768 00 01 42 97 e0 00 20000 gi1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority Address 36864 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces ...

Страница 389: ... Altn PortFas t No No No Type P2p RSTP Shared STP Shared STP Console show spanning tree blockedports Spanning tree enabled mode RSTP Default port cost method long Root ID Priority Address Path Cost Root Port 32768 00 01 42 97 e0 00 20000 gi1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 36864 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec I...

Страница 390: ...c Max Age 20 sec Forward Delay 15 sec Bridge ID Priority Address 36864 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Number of topology changes 2 last change occurred 2d18h ago Times hold 1 topology change 35 notification 2 hello 2 max age 20 forward delay 15 Port 1 gi1 enabled State Forwarding Port id 128 1 Type P2p configured auto RSTP Designated bridge Priority 32768 De...

Страница 391: ...s to forwarding state 1 BPDU sent 2 received 170638 Port 3 gi3 disabled State N A Port id 128 3 Type N A configured auto Designated bridge Priority N A Designated port id N A Guard root Disabled Role N A Port cost 20000 Port Fast N A configured no Address N A Designated path cost N A BPDU guard Disabled Number of transitions to forwarding state N A BPDU sent N A received N A Port 4 gi4 enabled Sta...

Страница 392: ...eived 120638 Port 5 gi5 enabled State Disabled Port id 128 5 Type N A configured auto Designated bridge Priority N A Designated port id N A Guard root Disabled Role N A Port cost 20000 Port Fast N A configured no Address N A Designated path cost N A BPDU guard Disabled Number of transitions to forwarding state N A BPDU sent N A received N A ...

Страница 393: ...ed no Address 00 01 42 97 e0 00 Designated path cost 0 BPDU guard Disabled Number of transitions to forwarding state 1 BPDU sent 2 received 120638 Console show spanning tree mst configuration Name Region1 Revision 1 Instance 0 1 Vlans mapped 1 9 21 4094 10 20 State Enabled Enabled Console show spanning tree Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 CST Ro...

Страница 394: ...ax hops 20 Interfaces Name gi1 gi2 gi3 gi4 State Enabled Enabled Enabled Enabled Prio Nbr 128 1 128 2 128 3 128 4 Cost 20000 20000 20000 20000 Sts FWD FWD FWD FWD Role Root Desg Desg Desg PortFas t No No No No Type P2p Bound RSTP Shared Bound STP P2p P2p MST 1 Vlans Mapped 10 20 Root ID Priority Address Path Cost Root Port Rem hops 24576 00 02 4b 29 89 76 20000 gi4 19 Bridge ID Priority Address 32...

Страница 395: ...PortFas t No No No No Type P2p Bound RSTP Shared Bound STP P2p P2p Console show spanning tree detail Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 CST Root ID Priority Address Path Cost Root Port 32768 00 01 42 97 e0 00 20000 gi1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec IST Master ID Priority Address 32768 00 02 4b 29 7a 00 This switch is the IST ...

Страница 396: ...riority 32768 Designated port id 128 25 Number of transitions to forwarding state 1 BPDU sent 2 received 120638 Role Root Port cost 20000 Port Fast No configured no Address 00 01 42 97 e0 00 Designated path cost 0 Port 2 gi2 enabled State Forwarding Port id 128 2 Type Shared configured auto Boundary STP Designated bridge Priority 32768 Designated port id 128 2 Number of transitions to forwarding s...

Страница 397: ...0 Designated path cost 20000 Port 4 gi4 enabled State Forwarding Port id 128 4 Type Shared configured auto Internal Designated bridge Priority 32768 Designated port id 128 2 Number of transitions to forwarding state 1 BPDU sent 2 received 170638 Role Designated Port cost 20000 Port Fast No configured no Address 00 02 4b 29 7a 00 Designated path cost 20000 MST 1 Vlans Mapped 10 20 Root ID Priority ...

Страница 398: ...umber of transitions to forwarding state 1 BPDU sent 2 received 120638 Role Boundary Port cost 20000 Port Fast No configured no Address 00 02 4b 29 7a 00 Designated path cost 20000 Port 2 gi2 enabled State Forwarding Port id 128 2 Type Shared configured auto Boundary STP Designated bridge Priority 32768 Designated port id 128 2 Number of transitions to forwarding state 1 BPDU sent 2 received 17063...

Страница 399: ... path cost 20000 Port 4 gi4 enabled State Forwarding Port id 128 4 Type Shared configured auto Internal Designated bridge Priority 32768 Designated port id 128 2 Number of transitions to forwarding state 1 BPDU sent 2 received 170638 Role Designated Port cost 20000 Port Fast No configured no Address 00 02 4b 29 7a 00 Designated path cost 20000 Console show spanning tree Spanning tree enabled mode ...

Страница 400: ...e one of the following types Ethernet port or Port channel IST Master ID Priority Address Path Cost Rem hops 32768 00 02 4b 19 7a 00 10000 19 Bridge ID Priority Address 32768 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops 20 Console show spanning tree Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 CST Root ID Priority Address 3...

Страница 401: ...spanning tree bpdu The following is the output if the global BPDU handling command is not supported The following is the output if both the global BPDU handling command and the per interface BPDU handling command are supported Global Flooding Interface gi1 gi2 gi3 Admin Mode Global Global Flooding Oper Mode Flooding STP STP The following is the output if bridging mode is supported ...

Страница 402: ... default VLAN Use the exit command to return to Global Configuration mode Syntax vlan database Parameters N A Default Configuration VLAN 1 exists by default Command Mode Global Configuration mode Example The following example enters the VLAN Configuration mode creates VLAN 1972 and exits VLAN Configuration mode Console config vlan database Console config vlan vlan 1972 Console config vlan exit Con...

Страница 403: ...ge 2 4094 Default Configuration VLAN 1 exists by default Command Mode VLAN Configuration mode Example The following example creates VLAN number 1972 Console config vlan database Console config vlan vlan 1972 Console config vlan 30 3 show vlan Use the show vlan Privileged EXEC mode command to display the following VLAN information for all VLANs or for a specific VLAN VLAN ID VLAN name Ports on the ...

Страница 404: ...ll VLANs are displayed Command Mode Privileged EXEC mode Examples Example 1 The following example displays information for all VLANs Console show vlan VLAN 1 10 11 20 21 30 31 91 3978 Name default Marketing VLAN0011 VLAN0020 VLAN0021 VLAN0030 VLAN0031 VLAN0091 Guest VLAN Ports gi1 2 gi3 14 gi5 16 gi7 18 gi2 gi7 Type Default static static static static static static dynamic static Authorization Req...

Страница 405: ...onfiguration mode command to define the default VLAN Use the no form of this command to set VLAN 1 as the default VLAN Syntax default vlan vlan vlan id no default vlan vlan Parameters vlan vlan id Specifies the default VLAN ID Default Configuration The default VLAN is 1 by default Command Mode VLAN Configuration mode Console show vlan tag default VLAN 1 Name default Ports gi1 2 Type Default Author...

Страница 406: ...on and reboot device 30 5 show default vlan membership Use the show default vlan membership privileged EXEC command to view the default VLAN membership Syntax show default vlan membership interface id Parameters interface id Specify an interface ID The interface ID can be one of the following types Ethernet port or Port channel Default Configuration Membership in the default VLAN is displayed for ...

Страница 407: ...d Parameters vlan vlan id Specifies the VLAN to be configured Default Configuration N A Command Mode Global Configuration mode User Guidelines If the VLAN does not exist ghost VLAN some commands are not available under the interface VLAN context The commands that are supported for VLANs but do not exist for ghost VLANs are IGMP snooping control commands Bridge Multicast configuration commands Exam...

Страница 408: ... A Command Mode Global Configuration mode User Guidelines Commands under the interface VLAN range context are executed independently on each VLAN in the range If the command returns an error on one of the VLANs an error message is displayed and the system attempts to configure the remaining VLANs If a VLAN does not exist ghost VLAN some commands are not available under the interface VLAN context T...

Страница 409: ...aracters Default Configuration No name is defined Command Mode Interface Configuration VLAN mode It cannot be configured for a range of interfaces range context User Guidelines The VLAN name must be unique Example The following example assigns VLAN 19 the name Marketing Console config interface vlan 19 Console config if name Marketing 30 9 switchport protected port Use the switchport protected por...

Страница 410: ...ject to all filtering rules and Filtering Database FDB decisions Example console config interface gi1 console config if switchport protected port 30 10 show interfaces protected ports Use the show interfaces protected ports EXEC mode command to display protected ports configuration Syntax show interfaces protected ports interface id Parameters interface id Specifies an interface ID The interface I...

Страница 411: ...l mode command to configure the VLAN membership mode access trunk general or customer of a port Use the no form of this command to restore the default configuration Syntax switchport mode access trunk general customer no switchport mode Parameters access Specifies an untagged layer 2 VLAN port trunk Specifies a trunking layer 2 VLAN port general Specifies a full 802 1q supported VLAN port customer...

Страница 412: ...emoved Example The following example configures gi1 as an access port untagged layer 2 VLAN port Console config interface gi1 Console config if switchport mode access Console config if switchport access vlan 2 30 12 switchport access vlan An interface in access mode can belong to only one VLAN The switchport access vlan Interface Configuration command reassigns an interface to a different VLAN tha...

Страница 413: ... allowed vlan A trunk interface is an untagged member of a single VLAN and in addition it may be an tagged member of one or more VLANs The switchport trunk allowed vlan Interface Configuration mode command adds removes VLAN s to from a trunk port Syntax switchport trunk allowed vlan add vlan list remove vlan list Parameters add vlan list Specifies a list of VLAN IDs to add to a port Separate nonco...

Страница 414: ...t is directed to the port s native VLAN Use the switchport trunk native vlan Interface Configuration Ethernet port channel mode command to define the native VLAN for a trunk interface Use the no form of this command to restore the default native VLAN Syntax switchport trunk native vlan vlan id no switchport trunk native vlan Parameters vlan id Specifies the native VLAN ID Default Configuration The...

Страница 415: ...le config if Example 2 The following example sets packets on port as untagged on ingress and untagged on egress console config interface gi1 console config if switchport mode trunk console config if switchport trunk native vlan 2 console config if Example 3 The following example sets packets on port as tagged on ingress and tagged on egress console config interface gi1 console config if switchport...

Страница 416: ...ts tagged packets for the VLANs This is the default value untagged Specifies that the port transmits untagged packets for the VLANs remove vlan list Specifies the list of VLAN IDs to remove Separate nonconsecutive VLAN IDs with a comma and no spaces use a hyphen to designate a range of IDs Default Configuration The port is not member in any VLAN Packets are transmitted untagged Command Mode Interf...

Страница 417: ...general mode Use the no form of this command to restore the default configuration Syntax switchport general pvid vlan id no switchport general pvid Parameters pvid vlan id Specifies the Port VLAN ID PVID Default Configuration The default VLAN is the PVID Command Mode Interface Configuration Ethernet Port channel mode Examples Example 1 The following example configures port 2 as a general port and ...

Страница 418: ... port 14 as untagged on input and untagged on output console config interface gi14 console config if switchport mode general console config if switchport general pvid 2 console config if switchport general allowed vlan add 2 untagged console config if Example 4 Configures VLAN on port 21 as untagged on input and tagged on output console config interface gi21 console config if switchport mode gener...

Страница 419: ...neral ingress filtering disable Use the switchport general ingress filtering disable Interface Configuration Ethernet Port channel mode command to disable port ingress filtering no packets are discarded at the ingress on a general port Use the no form of this command to restore the default configuration Syntax switchport general ingress filtering disable no switchport general ingress filtering dis...

Страница 420: ...eneral acceptable frame type tagged only untagged only all no switchport general acceptable frame type Parameters tagged only Ignore discard untagged packets and priority tagged packets untagged only Ignore discard VLAN tagged packets not including priority tagged packets all Do not discard packets untagged or priority tagged packets Default Configuration All frame types are accepted at ingress al...

Страница 421: ...onfiguration Syntax switchport customer vlan vlan id no switchport customer vlan Parameters vlan vlan id Specifies the customer VLAN Default Configuration No VLAN is configured as customer Command Mode Interface Configuration Ethernet Port channel mode Example The following example defines gi5 as a member of customer VLAN 5 Console config interface gi5 Console config if switchport mode customer Co...

Страница 422: ...n the mask host Specifies that the mask is comprised of all 1s macs group group Specifies the group number range 1 2147483647 Default Configuration N A Command Mode VLAN Configuration mode Example The following example creates two groups of MAC addresses sets a port to general mode and maps the groups of MAC addresses to specific VLANs Console config vlan database console config vlan map mac 0000 ...

Страница 423: ...ral map macs group group Parameters macs group group Specifies the group number range 1 2147483647 vlan vlan id Defines the VLAN ID associated with the rule Default Configuration N A Command Mode Interface Configuration Ethernet port channel mode User Guidelines MAC based VLAN rules cannot contain overlapping ranges on the same interface The VLAN classification rule priorities are 1 MAC based VLAN...

Страница 424: ...ral map macs group 1 vlan 2 console config if switchport general map macs group 2 vlan 3 30 22 show vlan macs groups Use the show vlan macs groups EXEC mode command to display the MAC addresses that belong to the defined MACs groups Syntax show vlan macs groups Parameters N A Default Configuration N A Command Mode EXEC mode Example The following example displays macs groups information console sho...

Страница 425: ...ernet port channel User Guidelines The command may be used at any time regardless of whether the port belongs to the default VLAN The no command does not add the port to the default VLAN it only defines an interface as permitted to be a member of the default VLAN and the port will be added only when conditions are met Example The following example forbids the port gi1 from being added to the defau...

Страница 426: ...tive VLAN IDs with a comma and no spaces use a hyphen designate a range of IDs Default Configuration All VLANs are allowed Command Mode Interface Configuration Ethernet Port channel mode Example The following example forbids adding VLAN IDs 234 to 256 to gi7 Console config interface gi7 Console config if switchport mode trunk Console config if switchport forbidden vlan add 234 256 30 25 switchport...

Страница 427: ...native VLAN is 4095 Note If the native VLAN of a port is the default VLAN when the port is added to the default VLAN as tagged the native VLAN is set by the system to 4095 When a general port is a member in the default VLAN as a tagged port then The PVID can be the default VLAN The default PVID is the default VLAN Note The PVID is not changed when the port is added to the default VLAN as a tagged ...

Страница 428: ...AN the port is added by the system to the default VLAN as an untagged Example The following example configures the port gi1 as a tagged port in the default VLAN Console config interface gi1 console config if switchport mode trunk Console config if switchport default vlan tagged 30 26 show interfaces switchport Use the show interfaces switchport Privileged EXEC command to display the administrative...

Страница 429: ...ltering true Acceptable Frame Type admitAll Ingress UnTagged VLAN NATIVE 2 Protected Enabled Uplink is gi9 Port gi1 is member in VLAN Name Egress Rule Type 1 default untagged System 8 VLAN008 tagged Dynamic 11 VLAN0011 tagged Static 19 IPv6VLAN untagged Static 72 VLAN0072 untagged Static Forbidden VLANS VLAN Name 73 Out Classification rules Mac based VLANs Group ID Vlan ID Example 2 The following ...

Страница 430: ... Frame Type All GVRP status Enabled Protected Disabled Port gi1 is member in VLAN Name Egress Rule Type 91 IP Telephony tagged Static Protected Disabled Port gi2 is statically configured to VLAN Name Egress Rule Type 8 VLAN0072 untagged 91 IP Telephony tagged Forbidden VLANS VLAN Name 73 Out Example 3 The following example displays the command output for an access port Console show interfaces swit...

Страница 431: ...cation rules Mac based VLANs 30 27 ip internal usage vlan The system assigns a VLAN to every IP address In rare cases this might conflict with a user requirement for that VLAN In this case use the ip internal usage vlan Interface Configuration Ethernet Port channel mode command to reserve a different VLAN as the internal usage VLAN of an interface Use the no form of this command to restore the def...

Страница 432: ...age but you want to use that VLAN for a static or dynamic VLAN do one of the following Remove the IP address from the interface this releases the internal usage VLAN Recreate the VLAN on the required interface now it will be assigned to the interface and not be used as an internal usage VLAN Recreate the IP interface another internal usage VLAN is assigned to this IP interface or use this command ...

Страница 433: ...uide 434 30 Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example The following example displays VLANs used internally by the device Console show vlan internal usage Usage gi21 gi22 gi23 VLAN 1007 1008 1009 Reserved No Yes Yes IP address Active Inactive Active ...

Страница 434: ...he no form of this command to disable IGMP snooping Syntax ip igmp snooping no ip igmp snooping Default Configuration Disabled Command Mode Global Configuration mode Example The following example enables IGMP snooping Console config ip igmp snooping 31 2 ip igmp snooping vlan Use the ip igmp snooping vlan Global Configuration mode command to enable IGMP snooping on a specific VLAN Use the no form ...

Страница 435: ...Interface VLAN Configuration command describes the configuration that is written into the FDB as a function of the FDB mode and the IGMP version that is used in the network Example console config ip igmp snooping vlan 2 31 3 ip igmp snooping vlan mrouter Use the ip igmp snooping mrouter Global Configuration mode command to enable automatic learning of Multicast router ports on a VLAN Use the no fo...

Страница 436: ...igmp snooping vlan 1 mrouter learn pim dvmrp 31 4 ip igmp snooping vlan mrouter interface Use the ip igmp snooping mrouter interface Global Configuration mode command to define a port that is connected to a Multicast router port Use the no form of this command to remove the configuration Syntax ip igmp snooping vlan vlan id mrouter interface interface list no ip igmp snooping vlan vlan id mrouter ...

Страница 437: ...ce Use the ip igmp snooping forbidden mrouter interface Global Configuration mode command to forbid a port from being defined as a Multicast router port by static configuration or by automatic learning Use the no form of this command to remove the configuration Syntax ip igmp snooping vlan vlan id forbidden mrouter interface interface list no ip igmp snooping vlan vlan id forbidden mrouter interfa...

Страница 438: ...able and to add static ports to the group Use the no form of this command to remove ports specified as members of a static Multicast group Syntax ip igmp snooping vlan vlan id static ip address interface interface list no ip igmp snooping vlan vlan id static ip address interface interface list Parameter vlan vlan id Specifies the VLAN static ip address Specifies the IP Multicast address interface ...

Страница 439: ...of this command to disable the IGMP querier on a VLAN interface Syntax ip igmp snooping vlan vlan id querier no ip igmp snooping vlan vlan id querier Parameters vlan vlan id Specifies the VLAN Default Configuration Disabled Command Mode Global Configuration mode User Guidelines The IGMP snooping querier can be enabled on a VLAN only if IGMP snooping is enabled for that VLAN At most one switch can ...

Страница 440: ...s that the IGMP snooping querier uses Use the no form of this command to return to default Syntax ip igmp snooping vlan vlan id querier address ip address no ip igmp snooping vlan vlan id querier address Parameters vlan vlan id Specifies the VLAN querier address ip address Source IP address Default Configuration If an IP address is configured for the VLAN it is used as the source address of the IG...

Страница 441: ... the default version Syntax ip igmp snooping vlan vlan id querier version 2 3 no ip igmp snooping vlan vlan id querier version Parameters vlan vlan id Specifies the VLAN querier version 2 Specifies that the IGMP version would be IGMPv2 querier version 3 Specifies that the IGMP version would be IGMPv3 Default Configuration IGMPv2 Command Mode Global Configuration mode Example console config ip igmp...

Страница 442: ...n execute the command before the VLAN is created but you must enter the command in Interface VLAN mode Example console config interface vlan 1 console config if ip igmp robustness 3 31 11 ip igmp query interval Use the ip igmp query interval Interface Configuration VLAN mode command to configure the Query interval on a VLAN Use the no format of the command to return to default Syntax ip igmp query...

Страница 443: ...0 31 12 ip igmp query max response time Use the ip igmp query max response time Interface Configuration VLAN mode command to configure the Query Maximum Response time on a VLAN Use the no format of the command to return to default Syntax ip igmp query max response time seconds no ip igmp query max response time Parameters seconds Maximum response time in seconds advertised in IGMP queries Range 5 ...

Страница 444: ...ery Counter on a VLAN Use the no format of the command to return to default Syntax ip igmp last member query count count no ip igmp last member query count Parameter count The number of times that group or group source specific queries are sent upon receipt of a message indicating a leave Range 1 7 Default Configuration A value of Robustness variable Command Mode Interface Configuration VLAN mode ...

Страница 445: ... in milliseconds at which IGMP group specific host query messages are sent on the interface Range 100 25500 Default Configuration 1000 Command Mode Interface Configuration VLAN mode User Guidelines You can execute the command before the VLAN is created Example console config interface vlan 1 console config if ip igmp last member query interval 2000 31 15 ip igmp snooping vlan immediate leave Use t...

Страница 446: ...u can execute the command before the VLAN is created Example The following example enables IGMP snooping immediate leave feature on VLAN 1 Console config ip igmp snooping vlan 1 immediate leave 31 16 show ip igmp snooping mrouter The show ip igmp snooping mrouter EXEC mode command displays information on dynamically learned Multicast router interfaces for all VLANs or for a specific VLAN Syntax sh...

Страница 447: ...r a specific VLAN Syntax show ip igmp snooping interface vlan id Parameters interface vlan id Specifies the VLAN ID Command Mode EXEC mode Example The following example displays the IGMP snooping configuration for VLAN 1000 Console show ip igmp snooping interface 1000 IGMP Snooping is globally enabled IGMP Snooping admin Enabled IGMP Snooping oper Enabled Routers IGMP version 3 Groups that are in ...

Страница 448: ...query maximum response admin 10 sec oper 10 sec IGMP snooping last member query counter admin 2 oper 2 IGMP snooping last member query interval admin 1000 msec oper 500 msec IGMP snooping last immediate leave enable Automatic learning of Multicast router ports is enabled 31 18 show ip igmp snooping groups The show ip igmp snooping groups EXEC mode command displays the Multicast groups learned by t...

Страница 449: ...rameters Use the show ip igmp snooping groups command with parameters to see a needed subset of all Multicast groups learned by IGMP snooping To see the full Multicast address table including static addresses use the show bridge multicast address table command Example The following example shows sample output for IGMP version 2 Console show ip igmp snooping groups Vlan 1 Group Address 239 255 255 ...

Страница 450: ...d snooping no ipv6 mld snooping Default Configuration IPv6 MLD snooping is disabled Command Mode Global Configuration mode Example The following example enables IPv6 MLD snooping Console config ipv6 mld snooping 32 2 ipv6 mld snooping vlan Use the ipv6 mld snooping vlan Global Configuration mode command to enable MLD snooping on a specific VLAN Use the no form of this command to disable MLD snoopi...

Страница 451: ...Pv6 mode interface VLAN configuration command describe the configuration that can be written into the FDB as a function of the FDB mode and the MLD version that is used in the network Example console config ipv6 mld snooping vlan 2 32 3 ipv6 mld robustness Use the ipv6 mld robustness interface Configuration mode command to change a value of the MLD robustness variable Use the no format of the comm...

Страница 452: ...onfiguration mode command to enable automatic learning of multicast router ports Use the no form of this command to remove the configuration Syntax ipv6 mld snooping vlan vlan id mrouter learn pim dvmrp no ipv6 mld snooping vlan vlan id mrouter learn pim dvmrp Parameters vlan id Specifies the VLAN Default Configuration Learning pim dvmrp is enabled Command Mode Global Configuration mode User Guide...

Страница 453: ...router interface interface list Parameters vlan id Specifies the VLAN interface list Specifies a list of interfaces The interfaces can be from one of the following types port or port channel Default Configuration No ports defined Command Mode Global Configuration mode User Guidelines This command may be used in conjunction with the bridge multicast forward all command which is used in older versio...

Страница 454: ...ifies list of interfaces The interfaces can be from one of the following types Ethernet port or Port channel Default Configuration No forbidden ports by default Command Mode Global Configuration mode User Guidelines A port that is forbidden mrouter port cannot be a multicast router port i e cannot be learned dynamically or assigned statically The command bridge multicast forbidden forward all comm...

Страница 455: ...he interfaces can be from one of the following types Ethernet port or Port channel Default Configuration No multicast addresses are defined Command Mode Global configuration mode User Guidelines Static multicast addresses can only be defined on static VLANs You can execute the command before the VLAN is created You can register an entry without specifying an interface Using the no command without ...

Страница 456: ...uidelines You can execute the command before the VLAN is created Example console config interface vlan 1 console config if ipv6 mld query interval 3000 32 9 ipv6 mld query max response time Use the ipv6 mld query max response time Interface Configuration mode command to configure the Query Maximum Response time Use the no format of the command to return to default Syntax ipv6 mld query max respons...

Страница 457: ...the ipv6 mld last member query count Interface Configuration mode command to configure the Last Member Query Counter Use the no format of the command to return to default Syntax ipv6 mld last member query count count no ipv6 mld last member query count Parameters count The number of times that group or group source specific queries are sent upon receipt of message indicating a leave Range 1 7 Defa...

Страница 458: ...nterval milliseconds no ipv6 mld last member query interval Parameter milliseconds Interval in milliseconds at which MLD group specific host query messages are sent on the interface Range 100 64512 Default Configuration 1000 Command Mode Interface Configuration VLAN mode User Guidelines You can execute the command before the VLAN is created Example console config interface vlan 1 console config if...

Страница 459: ...094 Default Configuration Disabled Command Mode Global Configuration mode User Guidelines You can execute the command before the VLAN is created Example console config ipv6 mld snooping vlan 1 immediate leave 32 13 show ipv6 mld snooping mrouter The show ipv6 mld snooping mrouter EXEC mode command displays information on dynamically learned multicast router interfaces for all VLANs or for a specif...

Страница 460: ...14 show ipv6 mld snooping interface The show ipv6 mld snooping interface EXEC mode command displays the IPv6 MLD snooping configuration for a specific VLAN Syntax show ipv6 mld snooping interface vlan id Parameters vlan id Specifies the VLAN ID Command Mode EXEC mode Example The following example displays the MLD snooping configuration for VLAN 1000 Console show ipv6 mld snooping interface 1000 ML...

Страница 461: ...pv6 mld snooping groups EXEC mode command displays the multicast groups learned by the MLD snooping Syntax show ipv6 mld snooping groups vlan vlan id address ipv6 multicast address source ipv6 address Parameters vlan vlan id Specifies the VLAN ID address ipv6 multicast address Specifies the IPv6 multicast address source ipv6 address Specifies the IPv6 source address Command Mode EXEC mode User Gui...

Страница 462: ...e group but for different sources the port will not be in the Exclude list but rather in the Include list Example The following example shows the output for IPv6 MLD version 2 Console show ipv6 mld snooping groups VLAN 1 1 19 19 19 Group Address FF12 3 FF12 3 FF12 8 FF12 8 FF12 8 Source Address FE80 201 C9FF FE40 8001 FE80 201 C9FF FE40 8002 FE80 201 C9FF FE40 8003 FE80 201 C9FF FE40 8004 FE80 201...

Страница 463: ...tem priority value no lacp system priority Parameters value Specifies the system priority value Range 1 65535 Default Configuration The default system priority is 1 Command Mode Global Configuration mode Example The following example sets the system priority to 120 Console config lacp system priority 120 33 2 lacp port priority Use the lacp port priority Interface Configuration Ethernet mode comma...

Страница 464: ...iority of gi6 console config interface gi6 console config if lacp port priority 247 33 3 lacp timeout Use the lacp timeout Interface Configuration Ethernet mode command to assign an administrative LACP timeout to an interface Use the no form of this command to restore the default configuration Syntax lacp timeout long short no lacp timeout Parameters long Specifies the long timeout value short Spe...

Страница 465: ...to display LACP information for all Ethernet ports or for a specific Ethernet port Syntax show lacp interface id parameters statistics protocol state Parameters interface id Specify an interface ID The interface ID must be an Ethernet port parameters Displays parameters only statistics Displays statistics only protocol state Displays protocol state only Command Mode EXEC mode Example The following...

Страница 466: ...priority system mac addr port Admin key port Oper key port Oper number port Admin priority port Oper priority port Admin timeout port Oper timeout LACP Activity Aggregation synchronization collecting distributing expired 1 00 00 12 34 56 78 30 30 21 1 1 LONG LONG ACTIVE AGGREGATABLE FALSE FALSE FALSE FALSE Partner ...

Страница 467: ...ty port Oper priority port Admin timeout port Oper timeout LACP Activity Aggregation synchronization collecting distributing expired 0 00 00 00 00 00 00 0 0 0 0 0 LONG LONG PASSIVE AGGREGATABLE FALSE FALSE FALSE FALSE Port gi1 LACP Statistics LACP PDUs sent LACP PDUs received 2 2 Port gi1 LACP Protocol State LACP State Machines Receive FSM Mux FSM Port Disabled State Detached State Control Variabl...

Страница 468: ...hannel port_channel_number Parameters port_channel_number Specifies the port channel number Command Mode EXEC mode Example The following example displays LACP information about port channel 1 BEGIN LACP_Enabled Ready_N Selected Port_moved NNT Port_enabled FALSE TRUE FALSE UNSELECTED FALSE FALSE FALSE Timer counters periodic tx timer current while timer wait while timer 0 0 0 Console show lacp port...

Страница 469: ...trol Protocol LACP Commands 78 20269 01 Command Line Interface Reference Guide 470 33 System Priority MAC Address Admin Key Oper Key 1 000285 0E1C00 29 29 Partner System Priority MAC Address Oper Key 0 00 00 00 00 00 00 14 ...

Страница 470: ...lly Use the no form of this command to disable GVRP on the device Syntax gvrp enable no gvrp enable Parameters N A Default Configuration GVRP is globally disabled Command Mode Global Configuration mode Example The following example enables GVRP globally on the device Console config gvrp enable 34 2 gvrp enable Interface Use the gvrp enable Interface Configuration Ethernet Port channel mode command...

Страница 471: ...e same way as in a tagged VLAN That is the PVID must be manually defined as the untagged VLAN ID Example The following example enables GVRP on gi6 Console config interface gi6 Console config if gvrp enable 34 3 gvrp vlan creation forbid Use the gvrp vlan creation forbid Interface Configuration mode command to disable dynamic VLAN creation or modification Use the no form of this command to enable d...

Страница 472: ...gistration on the port Use the no form of this command to allow dynamic registration of VLANs on a port Syntax gvrp registration forbid no gvrp registration forbid Default Configuration Dynamic registration of VLANs on the port is allowed Command Mode Interface Configuration Ethernet Port channel mode Example The following example forbids dynamic registration of VLANs on gi2 Console config interfa...

Страница 473: ...ollowing example clears all GVRP statistical information on gi5 Console clear gvrp statistics gi5 34 6 show gvrp configuration Use the show gvrp configuration EXEC mode command to display GVRP configuration information including timer values whether GVRP and dynamic VLAN creation are enabled and which ports are running GVRP Syntax show gvrp configuration interface id Parameters interface id Specif...

Страница 474: ... Creation Leave Join Leave All gi1 Enabled Forbidden Disabled 200 600 10000 gi2 Enabled Normal Enabled 400 1200 20000 34 7 show gvrp statistics Use the show gvrp statistics EXEC mode command to display GVRP statistics for all interfaces or for a specific interface Syntax show gvrp statistics interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following...

Страница 475: ... Console show gvrp statistics GVRP statistics Legend rJE rEmp rLE sJE sEmp sLE Join Empty Received Empty Received Leave Empty Received Join Empty Sent Empty Sent Leave Empty Sent rJIn Join In Received rLIn Leave In Received rLA Leave All Received sJIn Join In Sent sLIn Leave In Sent sLA Leave All Sent Port gi1 gi2 gi3 gi4 gi5 gi6 gi7 gi8 rJE 0 0 0 0 0 0 0 0 rJIn 0 0 0 0 0 0 0 0 rEmp 0 0 0 0 0 0 0 ...

Страница 476: ...atistics are displayed Command Mode EXEC mode Example The following example displays GVRP error statistics console show gvrp error statistics GVRP Error Statistics Legend INVPROT Invalid Protocol Id INVATYP Invalid Attribute Type INVALEN Invalid Attribute Length INVAVAL Invalid Attribute Value INVEVENT Invalid Event Port INVPROT INVATYP INVAVAL INVALEN INVEVENT gi1 0 0 0 0 0 gi2 0 0 0 0 0 gi3 0 0 ...

Страница 477: ...fault gateway ip address no ip address ip address If the product is switch only and supports a single IP address ip address ip address mask prefix length default gateway ip address no ip address Parameters ip address Specifies the IP address mask Specifies the network mask of the IP address prefix length Specifies the number of bits that comprise the IP address prefix The prefix length must be pre...

Страница 478: ...ally redefined on the new Default VLAN If the IP address is configured in Interface context then the IP address is bound to the interface in context If a static IP address is already defined the user must do no IP address in the relevant interface context before changing the IP address If a dynamic IP address is already defined the user must do no ip address in the relevant interface context befor...

Страница 479: ...iguration on the interface If the device is configured to obtain its IP address from a DHCP server it sends a DHCPDISCOVER message to provide information about itself to the DHCP server on the network If the ip address dhcp command is used with or without the optional keyword the DHCP option 12 field host name option is included in the DISCOVER message By default the host name specified in the opt...

Страница 480: ...erver holds a DHCP option 67 record for the assigned IP address the record overwrites the existing device configuration Command Mode Privileged EXEC mode User Guidelines Note that this command does not enable DHCP on an interface If DHCP is not enabled on the requested interface the command returns an error message If DHCP is enabled on the interface and an IP address was already acquired the comm...

Страница 481: ... Specifies the default gateway IP address Command Mode Global Configuration mode Default Configuration No default gateway is defined Example The following example defines default gateway 192 168 1 1 Console config ip default gateway 192 168 1 1 35 5 show ip interface Use the show ip interface EXEC mode command to display the usability status of configured IP interfaces Syntax show ip interface int...

Страница 482: ...c IP Address I F Type Status 1 1 1 1 8 vlan 1 Static Valid 2 2 2 2 24 gi1 Static Valid 35 6 arp Use the arp Global Configuration mode command to add a permanent entry to the Address Resolution Protocol ARP cache Use the no form of this command to remove an entry from the ARP cache Syntax arp ip address mac address interface id no arp ip address Parameters ip address IP address or IP alias to map t...

Страница 483: ...mple adds IP address 198 133 219 232 and MAC address 00 00 0c 40 0f bc to the ARP table Console config arp 198 133 219 232 00 00 0c 40 0f bc gi6 35 7 arp timeout Global Use the arp timeout Global Configuration mode command to set the time interval during which an entry remains in the ARP cache Use the no form of this command to restore the default configuration Syntax arp timeout seconds no arp ti...

Страница 484: ...lly disable proxy Address Resolution Protocol ARP Use the no form of this command reenable proxy ARP Syntax ip arp proxy disable no ip arp proxy disable Parameters N A Default Enabled by default Command Mode Global Configuration mode User Guidelines The ip arp proxy disable command overrides any proxy ARP interface configuration To use this command you must put the switch into routing mode using t...

Страница 485: ...onfiguration Ethernet VLAN Port channel mode It cannot be configured for a range of interfaces range context User Guidelines This configuration can be applied only if at least one IP address is defined on a specific interface To use this command you must put the switch into routing mode using the set system mode router command Example The following example enables ARP proxy when the switch is in r...

Страница 486: ...ss mac address mac address interface id Parameters ip address ip address Specifies the IP address mac address mac address Specifies the MAC address interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode Privileged EXEC mode User Guidelines Since the associated interface of a MAC address can be aged out from the FDB table...

Страница 487: ... global and interface configuration of the ARP protocol Syntax show arp configuration Parameters N A Command Mode Privileged EXEC mode Example Console show arp configuration Global configuration ARP Proxy enabled ARP timeout 80000 Seconds Interface configuration Console show arp ARP timeout 80000 Seconds VLAN VLAN 1 VLAN 1 Interface gi1 gi2 IP Address 10 7 1 102 10 7 1 135 HW Address 00 10 B5 04 D...

Страница 488: ...he interface ip Global Configuration mode command to enter the IP Interface Configuration mode Syntax interface ip address Parameters ip address Specifies one of the IP addresses of the device Command Mode Global Configuration mode User Guidelines To use this command you must put the switch into routing mode using the set system mode router command Example The following example enters the IP inter...

Страница 489: ...nterface Specifies the IP interface all Specifies all IP interfaces address Specifies the destination broadcast or host address to which to forward UDP broadcast packets A value of 0 0 0 0 specifies that UDP broadcast packets are not forwarded to any host udp port list Specifies the destination UDP port number to which to forward broadcast packets Range 1 65535 Default Configuration Forwarding of ...

Страница 490: ...per address command specifies a UDP port number to which UDP broadcast packets with that destination port number are forwarded By default if no UDP port number is specified the device forwards UDP broadcast packets for the following six services IEN 116 Name Service port 42 DNS port 53 NetBIOS Name Server port 137 NetBIOS Datagram Server port 138 TACACS Server port 49 Time Service port 37 Example ...

Страница 491: ... to define a default domain name used by the software to complete unqualified host names names without a dotted decimal domain name Use the no form of this command to remove the default domain name Syntax ip domain name name no ip domain name Parameters name Specifies the default domain name used to complete unqualified host names Do not include the initial period that separates an unqualified nam...

Страница 492: ...w website com Console config ip domain name www website com 35 17 ip name server Use the ip name server Global Configuration mode command to define the available name servers Use the no form of this command to remove a name server Syntax ip name server server1 ipv4 address server1 ipv6 address server address2 server address8 no ip name server server address server address8 Parameters server addres...

Страница 493: ...al port name 0 integer decimal number integer decimal number decimal number 0 1 2 3 4 5 6 7 8 9 physical port name Designated port number for example gi16 If the egress interface is not specified the default interface is selected Specifying interface zone 0 is equal to not defining an egress interface Example The following example defines the available name server Console config ip name server 176...

Страница 494: ...stricted to the ASCII letters A through Z case insensitive the digits 0 through 9 the underscore and the hyphen A period is used to separate labels Example The following example defines a static host name to address mapping in the host cache Console config ip host accounting website com 176 10 23 1 35 19 clear host Use the clear host Privileged EXEC mode command to delete entries from the host nam...

Страница 495: ... name to address mapping received from Dynamic Host Configuration Protocol DHCP Syntax clear host dhcp name Parameters name Specifies the host entry to remove Length 1 158 characters Maximum label length 63 characters Removes all entries Command Mode Privileged EXEC mode User Guidelines This command deletes the host name to address mapping temporarily until the next refresh of the IP addresses Exa...

Страница 496: ...arameters name Specifies the host name Length 1 158 characters Maximum label length 63 characters Command Mode EXEC mode Example The following example displays host information Console show hosts System name Device Default domain is gm com sales gm com usa sales gm com DHCP Name address lookup is enabled Name servers Preference order 176 16 1 18 176 16 1 19 Configured host name to address mapping ...

Страница 497: ...IP Addressing Commands 78 20269 01 Command Line Interface Reference Guide 498 35 Host www stanford edu Total 72 Elapsed 3 Type IP Addresses 171 64 14 203 ...

Страница 498: ...sing is disabled Unless you are using the no autoconfig parameter when the interface is enabled stateless address autoconfiguration procedure is enabled Command Mode Interface Configuration Ethernet VLAN Port channel mode It cannot be configured for a range of interfaces range context User Guidelines The ipv6 enable command automatically configures an IPv6 link local unicast address on the interfa...

Страница 499: ...ig Parameters N A Default Configuration Address autoconfiguration is enabled on the interface no addresses are assigned by default Command Mode Interface Configuration Ethernet VLAN Port channel mode User Guidelines When address autoconfig is enabled router solicitation ND procedure is initiated to discover a router and assign IP addresses to the interface based on the advertised on link prefixes ...

Страница 500: ...eing placed in the bucket Each token represents a single ICMP error message The acceptable range is from 0 2147483647 with a default of 100 milliseconds Setting milliseconds to 0 disables rate limiting Range 0 2147483647 bucketsize Optional The maximum number of tokens stored in the bucket The acceptable range is from 1 200 with a default of 10 tokens Default Configuration The default interval is ...

Страница 501: ...this command To remove the address from the interface Syntax ipv6 address ipv6 address prefix length no ipv6 address ipv6 address prefix length Parameters ipv6 address Specifies the IPv6 network assigned to the interface This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16 bit values between colons prefix length Specifies the length of the...

Страница 502: ...mand without arguments removes all manually configured IPv6 addresses from an interface including link local manually configured addresses Example console config interface vlan 1 console config if ipv6 address 3000 123 64 eui 64 anycast 36 6 ipv6 address link local Use the ipv6 address link local command to configure an IPv6 link local address for an interface Use the no form of this command to re...

Страница 503: ...s can be configured per interface but only one link local address When the no ipv6 link local address command is used the interface is reconfigured with the standard link local address the same IPv6 link local address that is set automatically when the enable ipv6 command is used The system automatically generates a link local address for an interface when IPv6 processing is enabled on the interfa...

Страница 504: ...ce sends ICMP unreachable messages Example console config interface gi1 console config if ipv6 unreachables 36 8 ipv6 default gateway Use the ipv6 default gateway Global Configuration mode command to define an IPv6 default gateway Use the no form of this command To remove the default gateway Syntax ipv6 default gateway ipv6 address no ipv6 default gateway Parameters ipv6 address Specifies the IPv6...

Страница 505: ...ol Router reachability can be confirmed by either receiving Router Advertisement message containing router s MAC address or manually configured by user using the IPv6 neighbor CLI command Another option to force reachability confirmation is to ping the router link local address this will initiate the neighbor discovery process If the egress interface is not specified the default interface is selec...

Страница 506: ...e Console show ipv6 interface Interface IP addresses Type VLAN 1 4004 55 64 ANY manual VLAN 1 fe80 200 b0ff fe00 0 linklayer VLAN 1 ff02 1 linklayer VLAN 1 ff02 77 manual VLAN 1 ff02 1 ff00 0 manual VLAN 1 ff02 1 ff00 1 manual VLAN 1 ff02 1 ff00 55 manual Default Gateway IP address Type Interface State fe80 77 Static VLAN 1 unreachable fe80 200 cff fe4a dfa8 Dynamic VLAN 1 stale Console show ipv6 ...

Страница 507: ... fe80 200 b0ff fe00 0 linklayer Active ff02 1 linklayer ff02 77 manual ff02 1 ff00 0 manual ff02 1 ff00 1 manual ff02 1 ff00 55 manual 36 10 show IPv6 route Use the show ipv6 route command to display the current state of the IPv6 routing table Syntax show ipv6 route Command Mode EXEC mode Example Console show ipv6 route Codes L Local S Static I ICMP ND Router Advertisment The number in the bracket...

Страница 508: ...rface Use the no form of this command to restore the number of messages to the default value Syntax ipv6 nd dad attempts attempts Parameters attempts Specifies the number of neighbor solicitation messages A value of 0 disables DAD processing on the specified interface A value of 1 configures a single transmission without follow up transmissions Range 0 600 Default Configuration Duplicate Address D...

Страница 509: ... on the new Link Local address and all of the other IPv6 address associated with the interface are regenerated DAD is performed only on the new Link Local address Configuring a value of 0 with the ipv6 nd dad attempts Interface Configuration mode command disables duplicate address detection processing on the specified interface A value of 1 configures a single transmission without follow up transm...

Страница 510: ...ress2 4 Optional Additional IPv6 addresses that may be associated with the host s name Default Configuration No host is defined Command Mode Global Configuration mode User Guidelines The format of an IPv6Z address is ipv6 link local address interface id Example console config ipv6 host server 3000 a31b 36 13 ipv6 neighbor Use the ipv6 neighbor command to configure a static entry in the IPv6 neighb...

Страница 511: ... entry with a global address can be configured only if a manually configured subnet already exists in the device Use the show IPv6 neighbors command to view static entries in the IPv6 neighbor discovery cache Example console config ipv6 neighbor 3000 a31b vlan 1 001b 3f9c 84ea 36 14 ipv6 set mtu Use the ipv6 mtu Interface Configuration mode command to set the maximum transmission unit MTU size of ...

Страница 512: ...splay IPv6 neighbor discovery cache information Syntax show ipv6 neighbors static dynamic ipv6 address ipv6 address mac address mac address interface id Parameters static Shows static neighbor discovery cash entries dynamic Shows dynamic neighbor discovery cash entries ipv6 address Shows the neighbor discovery cache information entry of a specific IPv6 address mac address Shows the neighbor discov...

Страница 513: ...akes place as packets are sent STALE More than ReachableTime milliseconds have elapsed since the last positive confirmation was received that the forward path was functioning properly While stale no action takes place until a packet is sent DELAY More than ReachableTime milliseconds have elapsed since the last positive confirmation was received that the forward path was functioning properly and a ...

Страница 514: ...eighbors Use the clear ipv6 neighbors Privileged EXEC mode command to delete all entries in the IPv6 neighbor discovery cache except for static entries Syntax clear ipv6 neighbors Parameters This command has no keywords or arguments Command Mode Privileged EXEC mode Example console clear ipv6 neighbors ...

Страница 515: ...ode Example The following example enters the Interface Configuration Tunnel mode Console config interface tunnel 1 Console config tunnel 37 2 tunnel mode ipv6ip Use the tunnel mode ipv6ip Interface Configuration Tunnel mode command to configure an IPv6 transition mechanism global support mode Use the no form of this command to remove an IPv6 transition mechanism Syntax tunnel mode ipv6ip isatap no...

Страница 516: ...the egress interface according to the scope of the destination IP address such as ISATAP or native IPv6 Example The following example configures an IPv6 transition mechanism global support mode Console config interface tunnel 1 Console config tunnel tunnel mode ipv6ip isatap 37 3 tunnel isatap router Use the tunnel isatap router Interface Configuration Tunnel mode command to configure a global str...

Страница 517: ...mple The following example configures the global string ISATAP2 as the automatic tunnel router domain name Console config tunnel 1 Console config tunnel tunnel isatap router ISATAP2 37 4 tunnel source Use the tunnel source Interface Configuration Tunnel mode command to set the local source IPv4 address of a tunnel interface The no form deletes the tunnel local address Syntax tunnel source auto ipv...

Страница 518: ...ts Example console config interface tunnel 1 console config tunnel tunnel source auto 37 5 tunnel isatap query interval Use the tunnel isatap query interval Global Configuration mode command to set the time interval between Domain Name System DNS queries before the ISATAP router IP address is known for the automatic tunnel router domain name Use the no form of this command to restore the default c...

Страница 519: ... 30 seconds Console config tunnel isatap query interval 30 37 6 tunnel isatap solicitation interval Use the tunnel isatap solicitation interval Global Configuration mode command to set the time interval between ISATAP router solicitation messages Use the no form of this command to restore the default configuration Syntax tunnel isatap solicitation interval seconds no tunnel isatap solicitation int...

Страница 520: ...ustness Use the tunnel isatap robustness Global Configuration mode command to configure the number of DNS query router solicitation refresh messages that the device sends Use the no form of this command to restore the default configuration Syntax tunnel isatap robustness number no tunnel isatap robustness Parameters number Specifies the number of DNS query router solicitation refresh messages that...

Страница 521: ...citation refresh messages that the device sends to 5 Console config tunnel isatap robustness 5 37 8 show ipv6 tunnel Use the show ïpv6 tunnel EXEC mode command to display information on the ISATAP tunnel Syntax show ïpv6 tunnel Command Mode EXEC mode Example The following example displays information on the ISATAP tunnel Console show ipv6 tunnel Tunnel 1 Tunnel status DOWN Tunnel protocol NONE Tun...

Страница 522: ...78 20269 01 Command Line Interface Reference Guide 523 37 DNS Query interval 300 seconds Min DNS Query interval 0 seconds Router Solicitation interval 10 seconds Min Router Solicitation interval 0 seconds Robustness 2 ...

Страница 523: ... relay enable Parameters N A Default Configuration DHCP relay feature is disabled Command Mode Global Configuration mode Example The following example enables the DHCP relay feature on the device Console config ip dhcp relay enable 38 2 ip dhcp relay enable Interface Use the ip dhcp relay enable Interface Configuration VLAN Ethernet Port channel mode command to enable the DHCP relay feature on an ...

Страница 524: ...efined on the interface Or DHCP Relay is globally enabled there is no IP address defined on the interface the interface is a VLAN and option 82 is enabled Example The following example enables DHCP Relay on VLAN 21 Console config interface vlan 21 Console config if ip dhcp relay enable 38 3 ip dhcp relay address Use the ip dhcp relay address Global Configuration mode command to define the DHCP ser...

Страница 525: ...n the device Console config ip dhcp relay address 176 16 1 1 38 4 show ip dhcp relay Use the show ip dhcp relay EXEC mode command to display the DHCP relay information Syntax show ip dhcp relay Command Mode EXEC mode Examples Example 1 Option 82 is not supported console show ip dhcp relay DHCP relay is globally enabled Option 82 is Disabled Maximum number of supported VLANs without IP Address is 2...

Страница 526: ...on VLANs without IP Address 4 DHCP relay is enabled on Ports gi5 po3 4 Active Inactive gi5 po3 4 DHCP relay is enabled on VLANs 1 2 4 5 Active Inactive 1 2 4 5 Servers 1 1 1 1 2 2 2 2 Example 3 Option 82 is supported enabled console show ip dhcp relay DHCP relay is globally enabled Option 82 is enabled Maximum number of supported VLANs without IP Address is 4 Number of DHCP Relays enabled on VLANs...

Страница 527: ...DHCP Relay Commands 78 20269 01 Command Line Interface Reference Guide 528 38 Servers 1 1 1 1 2 2 2 2 ...

Страница 528: ...work subnet mask of the IP address prefix prefix length Specifies the number of bits that comprise the IP address prefix The prefix length must be preceded by a forward slash Range 0 32 ip address Specifies the IP address or IP alias of the next hop that can be used to reach the network metric distance Specifies an administrative distance Range 1 255 reject route Stops routing to the destination n...

Страница 529: ... to route packets for network 172 31 0 0 to a router at 172 31 6 6 using prefix length console conf ip route 172 31 0 0 16 172 31 6 6 metric 2 Example 3 The following example shows how to reject packets for network 194 1 1 0 console conf ip route 194 1 1 0 255 255 255 0 reject route Example 4 The following example shows how to remove all static routes to network 194 1 1 0 24 console conf no ip rou...

Страница 530: ...ngth Specifies the number of bits that comprise the IP address prefix The prefix length must be preceded by a forward slash Range 1 32 longer prefixes Specifies that the address and mask pair becomes a prefix and any routes that match that prefix are displayed Command Mode EXEC mode User Guidelines To use this command set the device in router mode with the command set system mode Example The follo...

Страница 531: ...ernal S 172 1 1 0 24 gi3 via 10 0 2 1 17 12 19 gi1 S 172 1 1 1 32 gi3 via 10 0 3 1 19 51 18 gi1 The following table describes the significant fields shown in the display Field Description O The protocol that derived the route 10 8 1 0 24 The remote network address 30 2000 The first number in the brackets is the administrative distance of the information source the second number is the metric for t...

Страница 532: ...s The service acl command is used to attach this ACL to an interface Use the no form of this command to remove the access list Syntax ip access list extended acl name no ip access list extended acl name Parameters acl name Name of the IPv4 access list acl name 0 32 characters Use for empty string Default Configuration No IPv4 access list is defined Command Mode Global Configuration mode User Guide...

Страница 533: ...ildcard any source port port range any destination destination wildcard any destination port port range dscp number precedence number Parameters permit protocol The name or the number of an IP protocol Available protocol names are icmp igmp ip tcp egp igp udp hmp rdp idpr ipv6 ipv6 rout ipv6 frag idrp rsvp gre esp ah ipv6 icmp eigrp ospf ipinip pim l2tp isis To match any protocol use the ip keywor...

Страница 534: ...gen 19 daytime 13 discard 9 domain 53 drip 3949 echo 7 finger 79 ftp 21 ftp data 20 gopher 70 hostname 42 irc 194 klogin 543 kshell 544 lpd 515 nntp 119 pop2 109 pop3 110 smtp 25 sunrpc 1110 syslog 514 tacacs ds 49 talk 517 telnet 23 time 37 uucp 117 whois 43 www 80 For UDP enter a number or one of the following values biff 512 bootpc 68 bootps 67 discard 9 dnsix 90 domain 53 echo 7 mobile ip 434 ...

Страница 535: ...nsole config ip access list extended server console config ip al permit ip 176 212 0 0 00 255 255 40 3 deny IP Use the deny IP Access list Configuration mode command to set deny conditions for IPv4 access list Deny conditions are also known as access control entries ACEs Syntax deny protocol any source source wildcard any destination destination wildcard dscp number precedence number deny icmp any...

Страница 536: ...ment router solicitation time exceeded parameter problem timestamp timestamp reply information request information reply address mask request address mask reply traceroute datagram conversion error mobile host redirect mobile registration request mobile registration reply domain name request domain name reply skip photuris Range 0 255 icmp code Specifies an ICMP message code for filtering ICMP pac...

Страница 537: ...nd logging is done in software if a large number of packets match a deny ACE containing a log input keyword the software might not be able to match the hardware processing rate and not all packets will be logged Default Configuration No IPv4 access list is defined Command Mode IP Access list Configuration mode User Guidelines After an ACE is added to an access control list an implicit deny any any...

Страница 538: ...access list acl name Parameters acl name Name of the IPv6 access list Range 0 32 characters use for empty string Default Configuration No IPv6 access list is defined Command Mode Global Configuration mode User Guidelines IPv6 ACL is defined by a unique name IPv4 ACL IPv6 ACL MAC ACL or policy maps cannot have the same name Every IPv6 ACL has an implicit permit icmp any any nd ns any permit icmp an...

Страница 539: ...ge any destination prefix length any destination port port range dscp number precedence number match all list of flags permit udp any source prefix length any source port port range any destination prefix length any destination port port range dscp number precedence number Parameters protocol The name or the number of an IP protocol Available protocol names are icmp 58 tcp 6 and udp 17 To match an...

Страница 540: ... 7 finger 79 ftp 21 ftp data 20 gopher 70 hostname 42 irc 194 klogin 543 kshell 544 lpd 515 nntp 119 pop2 109 pop3 110 smtp 25 sunrpc 1110 syslog 514 tacacs ds 49 talk 517 telnet 23 time 37 uucp 117 whois 43 www 80 For UDP enter a number or one of the following values biff 512 bootpc 68 bootps 67 discard 9 dnsix 90 domain 53 echo 7 mobile ip 434 nameserver 42 netbios dgm 138 netbios ns 137 non500 ...

Страница 541: ...le ACE for tcp packets console config ipv6 access list server console config ipv6 al permit tcp 3001 2 64 any any 80 40 6 deny IPv6 Use the deny command in IPv6 Access List Configuration mode to set permit conditions ACEs for IPv6 ACLs Syntax deny protocol any source prefix length any destination prefix length dscp number precedence number disable port log input deny icmp any source prefix length ...

Страница 542: ...g 2 time exceeded 3 parameter problem 4 echo request 128 echo reply 129 mld query 130 mld report 131 mldv2 report 143 mld done 132 router solicitation 133 router advertisement 134 nd ns 135 nd na 136 Range 0 255 icmp code Specifies an ICMP message code for filtering ICMP packets Range 0 255 destination port Specifies the UDP TCP destination port You can enter a range of ports by using a hyphen E g...

Страница 543: ...s defined Command Mode IPv6 Access list Configuration mode User Guidelines The number of TCP UDP ranges that can be defined in ACLs is limited You can define up to ASIC specific ranges for TCP and up to ASIC specific ranges for UDP If a range of ports is used for source port in ACE it is not counted again if it is also used for source port in another ACE If a range of ports is used for a destinati...

Страница 544: ...MAC access list is defined Command Mode Global Configuration mode User Guidelines A MAC ACL is defined by a unique name IPv4 ACL IPv6 ACL MAC ACL or policy maps cannot have the same name Example console config mac access list extended server1 console config mac al permit 00 00 00 00 00 01 00 00 00 00 00 ff any 40 8 permit MAC Use the permit command in MAC Access List Configuration mode to set perm...

Страница 545: ...et Range 1 4094 cos The Class of Service of the packet Range 0 7 cos wildcard Wildcard bits to be applied to the CoS Default Configuration No MAC access list is defined Command Mode MAC Access list Configuration mode User Guidelines After an access control entry ACE is added to an access control list an implicit deny any any condition exists at the end of the list That is if there are no matches t...

Страница 546: ... ID of the packet Range 1 4094 cos The Class of Service of the packet Range 0 7 cos wildcard Wildcard bits to be applied to the CoS disable port The Ethernet interface is disabled if the condition is matched log input Sends an informational syslog message about the packet that matches the entry Because forwarding is done in hardware and logging is done in software if a large number of packets matc...

Страница 547: ...fies an ACL to apply to the interface See the user guidelines Range 0 32 characters Use for empty string Default Configuration No ACL is assigned Command Mode Interface Configuration Ethernet Port Channel mode User Guidelines The following rules govern when ACLs can be bound or unbound from an interface IPv4 ACLs and IPv6 ACLs can be bound together to an interface A MAC ACL cannot be bound on an i...

Страница 548: ... no absolute start absolute end hh mm day month year no absolute end Parameters start Absolute time and date that the permit or deny statement of the associated function going into effect If no start time and date are specified the function is in effect immediately end Absolute time and date that the permit or deny statement of the associated function is no longer in effect If no end time and date...

Страница 549: ...the week2 day of the week7 no periodic list hh mm to hh mm day of the week1 day of the week2 day of the week7 periodic list hh mm to hh mm all no periodic list all hh mm to hh mm all Parameters day of the week The starting day that the associated time range is in effect The second occurrence is the ending day the associated statement is in effect The second occurrence can be the following week see...

Страница 550: ... Thursday Monday means that the time range is effective on Thursday Friday Saturday Sunday and Monday The second occurrence of the time can be on the following day e g 22 00 2 00 Example Console config time range Console config time range periodic Monday 12 00 to Wednesday 12 00 40 13 show time range Use the show time range EXEC command to display the time range configuration Syntax show time rang...

Страница 551: ... access control lists ACLs configured on the switch Syntax show access lists name show access lists Parameters name Specifies the name of the ACL Command Mode Privileged EXEC mode Example Console show access lists Standard IP access list 1 deny any Standard IP access list 2 deny 192 168 0 0 wildcard bits 0 0 0 255 permit any Standard IP access list 3 deny 0 0 0 0 deny 192 168 0 1 wildcard bits 0 0...

Страница 552: ...0 23 8 0 0 0 255 any 40 15 show interfaces access lists Use the show interfaces access lists Privileged EXEC mode command to display access lists ACLs applied on interfaces Syntax show interfaces access lists interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port port channel or VLAN Command Mode Privileged EXEC mode Example ...

Страница 553: ...t channel Command Mode Privileged EXEC mode Example console clear access lists counters gi1 40 17 show interfaces access lists counters Use the show interfaces access lists counters Privileged EXEC mode command to display Access List ACLs counters Syntax show interfaces access lists counters interface id port channel number Parameters interface id Specifies an interface ID The interface ID can be ...

Страница 554: ... large number of packets match a deny ACE containing a log input keyword the software might not be able to match the hardware processing rate and not all packets are counted Example console show interfaces access lists counters Interface deny ACE hits gi1 79 gi2 9 gi3 0 Number of hits that were counted in global counter due to lack of resources 19 ...

Страница 555: ...ration ports not trusted Relevant for advanced mode only Indicates that packets which are not classified by policy map rules to a QoS action are mapped to egress queue 0 This is the default setting in advanced mode ports trusted Relevant for advanced mode only Indicates that packets which are not classified by policy map rules to a QoS action are mapped to an egress queue based on the packet s fie...

Страница 556: ... to default Syntax qos advanced mode trust cos dscp cos dscp no qos advanced mode trust Parameters cos Classifies ingress packets with the packet CoS values For untagged packets the port default CoS is used dscp Classifies ingress packets with the packet DSCP values cos dscp Classifies ingress packets with the packet DSCP values for IP packets For other packet types use the packet CoS values Defau...

Страница 557: ...d mode trust cos 41 3 show qos Use the show qos EXEC mode command to display the QoS information for the device The trust mode is displayed for the QoS basic mode Syntax show qos Parameters N A Default Configuration Disabled Command Mode Command Mode EXEC mode User Guidelines Trust mode is displayed if QoS is enabled in basic mode Examples Example 1 The following example displays QoS attributes wh...

Страница 558: ...ts match some or all of the criteria specified in the ACLs Use the class map Global Configuration mode command to create or modify a class map and enter the Class map Configuration mode only possible when QoS is in the advanced mode Use the no form of this command to delete a class map All class map commands are only available when QoS is in advanced mode Syntax class map class map name match all ...

Страница 559: ...r of the ACLs is important Error messages are generated in the following cases There is more than one match command in a match all class map There is a repetitive classification field in the participating ACLs After entering the Class map Configuration mode the following configuration commands are available exit Exits the Class map Configuration mode match Configures classification criteria no Rem...

Страница 560: ... Map match any class1 id4 Match IP dscp 11 21 41 6 match Use the match Class map Configuration mode command to bind the Access Control Lists ACLs that belong to the class map being configured Use the no form of this command to delete the ACLs This command is available only when the device is in QoS advanced mode Syntax match access group acl name no match access group acl name Parameters acl name ...

Страница 561: ...ode command to creates a policy map and enter the Policy map Configuration mode Use the no form of this command to delete a policy map This command is only available when QoS is in advanced mode Syntax policy map policy map name no policy map policy map name Parameters policy map name Specifies the policy map name Default Configuration N A Command Mode Global Configuration mode User Guidelines Use...

Страница 562: ...ers the Policy map Configuration mode Console config policy map policy1 Console config pmap 41 8 class Use the class Policy map Configuration mode command after the policy map command to attach ACLs to a policy map Use the no form of this command to detach a class map from a policy map This command is only available when QoS is in advanced mode Syntax class class map name access group acl name no ...

Страница 563: ...ple The following example defines a traffic classification class map called class1 containing an ACL called enterprise The class is in a policy map called policy1 The policy map policy1 now contains the ACL enterprise Console config policy map policy1 Console config pmap class class1 access group enterprise 41 9 show policy map Use the show policy map EXEC mode command to display all policy maps o...

Страница 564: ...olicy map Class Configuration mode command to configure the trust state This command is relevant only when QoS is in advanced ports not trusted mode Trust indicates that traffic is sent to the queue according to the packet s QoS parameters UP or DSCP Use the no form of this command to return to the default trust state This command is only available when QoS is in advanced mode Syntax trust no trus...

Страница 565: ...ly exclusive within the same policy map Policy maps that contain set or trust commands cannot be attached or that have Access Control List ACL classification to an egress interface by using the service policy Interface Configuration mode command If specifying trust cos QoS maps a packet to a queue the received or default port CoS value and the CoS to queue map Example The following example creates...

Страница 566: ... Specifies the new user priority to be marked in the packet Range 0 16 Command Mode Policy map Class Configuration mode User Guidelines The set and trust commands are mutually exclusive within the same policy map To return to the Policy map Configuration mode use the exit command To return to the Privileged EXEC mode use the end command Example The following example creates an ACL places it into a...

Страница 567: ...emove a policer This command is only available when QoS is in advanced mode Syntax police committed rate kbps committed burst byte exceed action drop policed dscp transmit no police Parameters committed rate kbps Specifies the average traffic rate CIR in kbits per second bps Range 100 10000000 committed burst byte Specifies the normal burst size CBS in bytes Range 3000 19173960 exceed action drop ...

Страница 568: ...packet is dropped The class is called class1 and is in a policy map called policy1 Console config policy map policy1 Console config pmap class class1 Console config pmap c police 124000 9600 exceed action drop 41 13 service policy Use the service policy Interface Configuration Ethernet Port channel mode command to bind a policy map to a port port channel Use the no form of this command to detach a...

Страница 569: ... policer This command is only available when QoS is in advanced mode Syntax qos aggregate policer aggregate policer name committed rate kbps excess burst byte exceed action drop policed dscp transmit no qos aggregate policer aggregate policer name Parameters aggregate policer name Specifies the aggregate policer name committed rate kbps Specifies the average traffic rate CIR in kbits per second kb...

Страница 570: ...deleted if it is being used in a policy map The no police aggregate Policy map Class Configuration mode command must first be used to delete the aggregate policer from all policy maps before using the no mls qos aggregate policer command Policing uses a token bucket algorithm CIR represents the speed with which the token is added to the bucket CBS represents the depth of the bucket Example The fol...

Страница 571: ...show qos aggregate policer policer1 aggregate policer policer1 96000 4800 exceed action drop not used by any policy map 41 16 police aggregate Use the police aggregate Policy map Class Configuration mode command to apply an aggregate policer to multiple class maps within the same policy map Use the no form of this command to remove an existing aggregate policer from a policy map This command is on...

Страница 572: ...s called class1 in a policy map called policy1 and class2 in policy map policy2 Console config qos aggregate policer policer1 124000 9600 exceed action drop Console config policy map policy1 Console config pmap class class1 Console config pmap c police aggregate policer1 Console config pmap c exit Console config pmap exit Console config policy map policy2 Console config pmap class class2 Console c...

Страница 573: ...ueue 1 CoS value 2 is mapped to queue 2 CoS value 3 is mapped to queue 3 CoS value 4 is mapped to queue 3 CoS value 5 is mapped to queue 4 CoS value 6 is mapped to queue 4 CoS value 7 is mapped to queue 4 Command Mode Global Configuration mode User Guidelines Use this command to distribute traffic to different queues Example The following example maps CoS value 4 and 6 to queue 2 Console config wr...

Страница 574: ...uidelines The ratio for each queue is defined as the queue weight divided by the sum of all queue weights the normalized weight This sets the bandwidth allocation of each queue A weight of 0 indicates that no bandwidth is allocated for the same queue and the shared bandwidth is divided among the remaining queues It is not recommended to set the weight of a queue to a 0 as it might stop transmissio...

Страница 575: ...eues Expedite queues are assigned to the queues with the higher indexes Range 0 4 There must be either 0 wrr queues or more than one If number of queues 0 all queues are assured forwarding according to wrr weights If the number of queues 4 all queues are expedited strict priority queues Default Configuration All queues are expedite queues Command Mode Global Configuration mode User Guidelines the ...

Страница 576: ...Kbps maximum port speed committed burst Specifies the maximum permitted excess burst size CBS in bytes Range 4096 16762902 bytes Default Configuration The shaper is disabled Command Mode Interface Configuration Ethernet Port channel mode Example The following example sets a traffic shaper on gi5 on queue 1 when the average traffic rate exceeds 124000 kbps or the normal burst size exceeds 9600 byte...

Страница 577: ...S in bytes Range 4096 16762902 bytes Default Configuration The shaper is disabled Command Mode Interface Configuration Ethernet Port channel mode Example The following example sets a shaper on queue 1 on gi5 when the average traffic rate exceeds 124000 kbps or the normal burst size exceeds 9600 bytes Console config interface gi5 Console config if traffic shape 1 124000 9600 41 22 rate limit Ethern...

Страница 578: ...d Mode Interface Configuration Ethernet mode User Guidelines Storm control and rate limit of Unicast packets cannot be enabled simultaneously on the same port Example The following example limits the incoming traffic rate on gi5 to 150 000 kbps Console config interface gi5 Console config if rate limit 150000 41 23 rate limit VLAN Use the Layer 2 rate limit VLAN Global Configuration mode command to...

Страница 579: ...akes precedence over VLAN rate limiting If a packet is subject to traffic policing in a policy map and is associated with a VLAN that is rate limited the packet is counted only in the traffic policing of the policy map This command does not work in Layer 3 mode Example The following example limits the rate on VLAN 11 to 150000 kbps or the normal burst size to 9600 bytes Console config rate limit 1...

Страница 580: ...et Example Console conf qos wrr queue wrtd This setting will take effect only after copying running configuration to startup configuration and resetting the device Console config 41 25 show qos wrr queue wrtd Use the show qos wrr queue wrtd Exec mode command to display the Weighted Random Tail Drop WRTD configuration Syntax show qos wrr queue wrtd Parameters N A Default Configuration N A Command M...

Страница 581: ... settings for the interface s queues For GE ports displays the queue depth for each of the 4 queues queueing Displays the queue s strategy WRR or EF the weight for WRR queues the CoS to queue map and the EF priority policers Displays all the policers configured for this interface their settings and the number of policers currently unused on a VLAN shapers Displays the shaper of the specified inter...

Страница 582: ...the port and policy map if any attached to the interface are displayed If a specific interface is not specified the information for all interfaces is displayed Example This is an example of the output from the show qos interface queueing command for 4 queues Console show qos interface queueing gi1 gi1 wrr bandwidth weights and EF priority qid 1 2 3 4 weights 125 125 125 125 Ef Disable Disable Disa...

Страница 583: ... an egress queue Use the no form of this command to disable the tail drop mechanism on an egress queue Console show qos interface policer gi1 Ethernet gi1 Class map A Policer type aggregate Commited rate 192000 bps Commited burst 9600 bytes Exceed action policed dscp transmit Class map B Policer type single Commited rate 192000 bps Commited burst 9600 bytes Exceed action drop Class map C Policer t...

Страница 584: ...nly be used if Advanced mode is enabled Example The following example enables the tail drop mechanism on an egress queue Console config wrr queue tail drop 41 28 qos wrr queue threshold Use the qos wrr queue threshold Global Configuration mode command to assign queue thresholds globally Use the no form of this command to restore the default configuration This command is only available in QoS advan...

Страница 585: ...r Guidelines If the threshold is exceeded packets with the corresponding Drop Precedence DP are dropped until the threshold is no longer exceeded Example The following example assigns a threshold of 80 percent to WRR queue 1 Console config qos wrr queue threshold gigabitethernet 1 80 41 29 qos map policed dscp Use the qos map policed dscp Global Configuration mode command to configure the policed ...

Страница 586: ...uidelines The original DSCP value and policed DSCP value must be mapped to the same queue in order to prevent reordering Example The following example marks incoming DSCP value 3 as DSCP value 5 on the policed DSCP map Console config qos map policed dscp 3 to 5 41 30 qos map dscp queue Use the qos map dscp queue Global Configuration mode command to configure the DSCP to CoS map Use the no form of ...

Страница 587: ...qos map dscp dp Use the qos map dscp dp Global Configuration mode command to map the DSCP values to Drop Precedence Use the no form of this command to restore the default configuration This command is only available in QoS advanced mode Syntax qos map dscp dp dscp list to dp no qos map dscp dp dscp list Parameters dscp list Specifies up to 8 DSCP values with values separated by a space Range 0 63 ...

Страница 588: ...s trust Parameters cos Specifies that ingress packets are classified with packet CoS values Untagged packets are classified with the default port CoS value dscp Specifies that ingress packets are classified with packet DSCP values Default Configuration DSCP is the default trust mode Command Mode Global Configuration mode User Guidelines This command can be used only in QoS basic mode Packets enter...

Страница 589: ...mutation map if the DSCP values are different in the QoS domains Example The following example configures the system to the DSCP trust state Console config qos trust dscp 41 33 qos trust Interface Use the qos trust Interface Configuration Ethernet Port channel mode command to enable port trust state while the system is in the basic QoS mode Use the no form of this command to disable the trust stat...

Страница 590: ...ged then the default CoS value become the CoS value Range 0 16 Default Configuration The default CoS value of a port is 0 Command Mode Interface Configuration Ethernet Port channel mode User Guidelines Use the default CoS value to assign a CoS value to all untagged packets entering the interface Example The following example defines the port gi5 default CoS value as 3 Console config interface gi5 ...

Страница 591: ...pplying this map to a port causes IP packets to be rewritten with newly mapped DSCP values at the ingress ports If applying the DSCP mutation map to an untrusted port to class of service CoS or to an IP precedence trusted port Global trust mode must be DSCP or CoS DSCP In advanced CoS mode ports must be trusted Example The following example applies the DSCP Mutation map to system DSCP trusted port...

Страница 592: ...mode User Guidelines This is the only map that is not globally configured It is possible to have several maps and assign each one to a different port Example The following example changes DSCP values 1 2 4 5 and 6 to DSCP Mutation Map value 63 Console config qos map dscp mutation 1 2 4 5 6 to 63 41 37 show qos map Use the show qos map EXEC mode command to display the various types of QoS mapping S...

Страница 593: ...stics EXEC mode command to clear the QoS statistics counters Syntax clear qos statistics Command Mode EXEC mode Example The following example clears the QoS statistics counters Console clear qos statistics Console show qos map dscp queue Dscp queue map d1 0 1 2 3 4 5 6 d2 0 01 01 02 04 06 07 08 1 01 01 02 04 06 07 08 2 01 01 02 05 06 07 08 3 01 01 02 05 06 07 08 4 01 01 03 05 06 07 5 01 01 03 05 0...

Страница 594: ... map name class map name Specifies the class map name Default Configuration Counting in profile and out of profile is disabled Command Mode Interface Configuration Ethernet Port channel mode Example The following example enables counting in profile and out of profile on the interface Console config if qos statistics policer policy1 class1 41 40 qos statistics aggregate policer Use the qos statisti...

Страница 595: ...icer policer1 41 41 qos statistics queues Use the qos statistics queues Global Configuration mode command to enable QoS statistics for output queues Use the no form of this command to disable QoS statistics for output queues Syntax qos statistics queues set queue all dp all interface all no qos statistics queues set Parameters set Specifies the counter set number interface Specifies the Ethernet p...

Страница 596: ...tatistics for output queues for counter set 1 Console config qos statistics queues 1 all all all 41 42 show qos statistics Use the show qos statistics EXEC mode command to display Quality of Service statistical information Syntax show qos statistics Command Mode EXEC mode User Guidelines Up to 16 sets of counters can be enabled for policers The counters can be enabled in the creation of the police...

Страница 597: ...stics Policers Interface gi1 gi1 gi2 gi2 Policy map Policy1 Policy1 Policy1 Policy1 Class Map Class1 Class2 Class1 Class2 In profile bytes 7564575 8759 746587458 5326 Out of prof ile bytes 5433 52 3214 23 Aggregate Policers Name Policer1 In profile bytes 7985687 Out of profile bytes 121322 Output Queues Interface gi1 gi2 Queue 2 All DP High High Total packets 799921 5387326 TD packets 1 2 0 2 ...

Страница 598: ...enabled globally and per interface Use the no form of this command to disable the security suite feature When security suite is enabled you can specify the types of protection required The following commands can be used security suite dos protect security suite dos syn attack security suite deny martian addresses security suite deny syn security suite deny icmp security suite deny fragmented show ...

Страница 599: ...specifies that security suite commands are global commands only When an attempt is made to configure security suite on a port it fails Console config security suite enable global rules only Console config interface gi1 Console config if security suite dos syn attack 199 any 10 To perform this command DoS Prevention must be enabled in the per interface mode Example 2 The following example enables t...

Страница 600: ... it to remove the attack is to remove protection The possible attack types are stacheldraht Discards TCP packets with source TCP port 16660 invasor trojan Discards TCP packets with destination TCP port 2140 and source TCP port 1024 back orifice trojan Discards UDP packets with destination UDP port 31337 and source UDP port 1024 Default Configuration No protection is configured Command Mode Global ...

Страница 601: ...ination IP address Use any to specify all IP addresses mask Specifies the network mask of the destination IP address prefix length Specifies the number of bits that comprise the destination IP address prefix The prefix length must be preceded by a forward slash Default Configuration No rate limit is configured If ip address is unspecified the default is 255 255 255 255 If prefix length is unspecif...

Страница 602: ... packets containing system reserved IP addresses or user defined IP addresses Syntax security suite deny martian addresses add ip address mask prefix length remove ip address mask prefix length Add remove user specified IP addresses security suite deny martian addresses reserved add remove Add remove system reserved IP addresses see tables below no security suite deny martian addresses This comman...

Страница 603: ...dress in the block of the reserved Martian IP addresses See the User Guidelines for a list of reserved addresses Default Configuration Martian addresses are allowed Command Mode Global Configuration mode User Guidelines For this command to work security suite enable must be enabled globally security suite deny martian addresses reserved adds or removes the addresses in the following table Address ...

Страница 604: ...form of this command to permit creation of TCP connections Syntax security suite deny syn add tcp port any ip address any mask prefix length remove tcp port any ip address any mask prefix length no security suite deny syn Parameters ip address any Specifies the destination IP address Use any to specify all IP addresses mask Specifies the network mask of the destination IP address prefix length Spe...

Страница 605: ...tion creation from an interface is done by discarding ingress TCP packets with SYN 1 ACK 0 and FIN 0 for the specified destination IP addresses and destination TCP ports Example The following example attempts to block the creation of TCP connections from an interface It fails because security suite is enabled globally and not per interface Console config security suite enable global rules only Con...

Страница 606: ...n Echo requests are allowed from all interfaces If mask is not specified it defaults to 255 255 255 255 If prefix length is not specified it defaults to 32 Command Mode Interface Configuration Ethernet Port channel mode User Guidelines For this command to work security suite enable must be enabled both globally and for interfaces This command discards ICMP packets with ICMP type Echo request that ...

Страница 607: ...p address any Specifies the destination IP address Use any to specify all IP addresses mask Specifies the network mask of the IP address prefix length Specifies the number of bits that comprise the IP address prefix The prefix length must be preceded by a forward slash Default Configuration Fragmented packets are allowed from all interfaces If mask is unspecified the default is 255 255 255 255 If ...

Страница 608: ...security suite configuration Use the show security suite configuration EXEC mode command to display the security suite configuration Syntax show security suite configuration Command Mode EXEC mode Example The following example displays the security suite configuration Console show security suite configuration Security suite is enabled Per interface rules are enabled Denial Of Service Protect stach...

Страница 609: ...artian addresses filtering Reserved addresses enabled Configured addresses 10 0 0 0 8 192 168 0 0 16 SYN filtering Interface gi2 IP Address 176 16 23 0 24 TCP port FTP ICMP filtering Interface gi2 IP Address 176 16 23 0 24 Fragmented packets filtering Interface gi2s IP Address 176 16 23 0 24 ...

Страница 610: ...Voice VLAN is enabled but it will be triggered by an external event such as an IP phone being attached to a Smartport disabled Voice VLAN is disabled Default Configuration auto triggered Command Mode Global Configuration mode User Guidelines By factory default CDP LLDP and LLDP MED are enabled on the switch In addition manual Smartport mode and Basic QoS with trusted DSCP is enabled All ports are ...

Страница 611: ... VSDP message was received from a neighbor In all other cases the operation state is disabled Notes The administrative state cannot be set to oui enabled if the Auto SmartPort Global administrative state is enabled To change the administrative state from oui enabled to auto enabled or auto triggered or vice versa you must first set the administrative state to disabled The administrative state cann...

Страница 612: ...e is re applied console config voice vlan state auto triggered console config 30 Apr 2011 00 13 52 LINK I Up Vlan 5 30 Apr 2011 00 13 52 LINK I Up Vlan 8 30 Apr 2011 00 13 52 LINK I Up Vlan 9 30 Apr 2011 00 13 52 LINK I Up Vlan 100 42 2 voice vlan refresh The voice vlan refresh Global Configuration mode command restarts the Voice VLAN discovery process on all the Auto Voice VLAN enabled switches i...

Страница 613: ...show voice vlan Administrate Voice VLAN state is auto triggered Operational Voice VLAN state is auto enabled Best Local Voice VLAN ID is 100 Best Local VPT is 5 default Best Local DSCP is 46 default Following is the new active source Agreed Voice VLAN is received from switch b0 c6 9a c1 da 00 Agreed Voice VLAN priority is 2 active CDP device Agreed Voice VLAN ID is 100 Agreed VPT is 5 Agreed DSCP ...

Страница 614: ...s in the voice VLAN ID CoS 802 1p and or DSCP will cause the switch to advertise the administrative voice VLAN as static voice VLAN which has higher priority than voice VLAN learnt from external sources Are you sure you want to continue Y N Y Y 30 Apr 2011 00 19 36 VLAN I VoiceVlanCreated Voice Vlan ID 104 was created console config 30 Apr 2011 00 19 51 VLAN I ReceivedFromVSDP Voice VLAN updated b...

Страница 615: ...strative voice VLAN as static voice VLANwhich has higher priority than voice VLAN learnt from external sources Are you sure you want to continue Y N Y Y 30 Apr 2011 00 24 52 VLAN W BestLocal Oper inconsistency detected VSDP voice VLAN configuration differs from best local Best local is Voice VLAN ID 104 VPT 5 DSCP 46 console config 30 Apr 2011 00 25 07 VLAN I ReceivedFromVSDP Voice VLAN updated by...

Страница 616: ...ty than voice VLAN learnt from external sources Are you sure you want to continue Y N Y Y 30 Apr 2011 00 31 07 VLAN W BestLocal Oper inconsistency detected VSDP voice VLAN configuration differs from best local Best local is Voice VLAN ID 104 VPT 7 DSCP 46 console config 30 Apr 2011 00 31 22 VLAN I ReceivedFromVSDP Voice VLAN updated by VSDP Voice VLAN ID 104 VPT 7 DSCP 63 42 6 voice vlan oui table...

Страница 617: ...elines The classification of a packet from VoIP equipment phones is based on the packet s OUI in the source MAC address OUIs are globally assigned administered by the IEEE In MAC addresses the first three bytes contain a manufacturer ID Organizationally Unique Identifiers OUI and the last three bytes contain a unique station ID Since the number of IP phone manufacturers that dominates the market i...

Страница 618: ...ss of Service CoS mode Use the no form of this command to return to the default Syntax voice vlan cos mode src all no voice vlan cos mode Parameters src QoS attributes are applied to packets with OUIs in the source MAC address See the User Guidelines of voice vlan oui table all QoS attributes are applied to packets that are classified to the Voice VLAN Default Configuration The default mode is src...

Страница 619: ...nge 0 7 remark Specifies that the L2 user priority is remarked with the CoS value Default Configuration The default CoS value is 5 The L2 user priority is not remarked by default Command Mode Global Configuration mode Example The following example sets the OUI voice VLAN CoS to 7 and does not do remarking Console config voice vlan cos 7 42 9 voice vlan aging timeout Use the voice vlan aging timeou...

Страница 620: ...erval to 12 hours Console config voice vlan aging timeout 720 42 10 voice vlan enable Use the voice vlan enable Interface Configuration Ethernet Port channel mode command to enable OUI voice VLAN configuration on an interface Use the no form of this command to disable OUI voice VLAN configuration on an interface Syntax voice vlan enable no voice vlan enable Default Configuration Disabled Command M...

Страница 621: ...ample The following example enables OUI voice VLAN configuration on gi2 Console config interface gi2 Console config if voice vlan enable 42 11 show voice vlan Use the show voice vlan EXEC mode command to display the voice VLAN status for all interfaces or for a specific interface if the voice VLAN type is OUI Syntax show voice vlan type oui auto interface id Parameters type oui Common and OUI voic...

Страница 622: ...state is auto enabled Best Local Voice VLAN ID is 20 Best Local VPT is 4 Best Local DSCP is 1 Voice VLAN is received from switch 00 01 22 01 ab 87 45 Agreed Voice VLAN priority is 0 active UC device Agreed Voice VLAN ID is 100 Agreed VPT is 0 Agreed DSCP is 0 Agreed VLAN Last Change is 10 Apr 10 20 01 00 Example 2 Displays the current voice VLAN parameters switch show voice vlan Administrate Voice...

Страница 623: ...e 4 Displays the current voice VLAN parameters switch show voice vlan Administrate Voice VLAN state is disabled Operational Voice VLAN state is disabled Best Local Voice VLAN ID is 20 Best Local VPT is 0 default Best Local DSCP is 0 default Aging timeout 1440 minutes CoS 6 Remark Yes Example 5 Displays the voice VLAN parameters when the voice VLAN state is OUI switch show voice vlan oui Administra...

Страница 624: ...imens 00 60 B9 NEC Philips 00 0F E2 Huawei 3COM 00 09 6E Avaya Interface Enabled Secure Activated CoS Mode gi1 Yes Yes Yes all gi2 Yes Yes No src gi3 No No src 42 12 show voice vlan local The show voice vlan local EXEC mode command displays information about the auto voice VLAN local configuration including the best local voice VLAN Syntax show voice vlan local Parameters N A Default Configuration...

Страница 625: ...o triggered Operational Voice VLAN state is auto enabled VSDP Authentication is enabled key string name is alpha The character marks the best local Voice VLAN VLAN ID VPT DSCP Source MAC Address Interface 1 5 46 default 104 7 63 static 100 CDP 00 1e 13 73 3d 62 gi7 Example 2 Displays the local voice VLAN configuration when the voice VLAN state is Auto triggered console show voice vlan local Admini...

Страница 626: ...Displays the local voice VLAN configuration when the voice VLAN state is OUI console show voice vlan local Administrate Voice VLAN state is auto OUI Operational Voice VLAN state is OUI The character marks the best local Voice VLAN VLAN ID VPT DSCP Source MAC Address Interface 1 0 0 default 10 1 27 static 10 UC 00 00 12 ea 87 dc gi1 10 UC 00 00 aa aa 89 dc po1 ...

Страница 627: ...port administrative global and operational states are enabled when Auto Voice VLAN is in operation Default Configuration Administrative state is controlled Command Mode Global Configuration mode User Guidelines Regardless of the status of Auto Smartport you can always manually apply a Smartport macro to its associated Smartport type A Smartport macro is either a built in macro or a user defined ma...

Страница 628: ...rts on these VLANs console config macro auto controlled console config macro auto enabled Auto smartports cannot be enabled because OUI voice is enabled console config voice vlan state disabled console config macro auto enabled console config 10 Apr 2011 16 11 31 LINK I Up Vlan 20 10 Apr 2011 16 11 33 LINK I Up Vlan 5 10 Apr 2011 16 11 33 LINK I Up Vlan 6 10 Apr 2011 16 11 33 LINK I Up Vlan 7 10 A...

Страница 629: ...ature on port 1 console conf conf interface gi1 console conf if macro auto smartport 43 3 macro auto trunk refresh The macro auto trunk refresh Global Configuration command reapplies the Smartport macro on a specific interface or to all the interfaces with the specified Smartport type Syntax macro auto trunk refresh smartport type interface id Parameters smartport type Smartport type switch router...

Страница 630: ...macro is executed if the interface has one of the following Smartport types switch router or wireless access point ap If a Smartport macro contains configuration commands that are no longer current on one or more interfaces you can update their configuration by reapplying the Smartport macro on the interfaces Example Adds the ports of Smartport type switch to all existing VLANs by running the asso...

Страница 631: ...esired Smartport macro you must reset the interface using the macro auto resume command which changes the Smartport type of the interface to Default Then you can run macro auto trunk refresh Example Changes the Smartport type from unknown to default and resumes the Smartport feature on port 1 console conf interface gi1 console conf if macro auto resume 43 5 macro auto persistent The macro auto per...

Страница 632: ...nge gi1 2 console config if range macro auto persistent console config if range exit console config interface range gi3 4 console config if range no macro auto persistent 43 6 macro auto smartport type The macro auto smartport type Interface Configuration mode command manually statically assigns a Smartport type to an interface The no format of the command removes the manually configured type and ...

Страница 633: ...ine 10 The show parser macro name command is run to display the contents of the macro printer in order to see which line failed console conf interface gi1 console conf if macro auto smartport type printer 30 May 2011 15 02 45 AUTOSMARTPORT E FAILEDMACRO Macro printer for auto smar port type Printer on interface gi1 failed at command number 10 console conf if exit console conf if do show parser mac...

Страница 634: ...08 config 43 7 macro auto processing cdp The macro auto processing cdp Global Configuration mode command enables using CDP capability information to identify the type of an attached device When Auto Smartport is enabled on an interface and this command is run the switch automatically applies the corresponding Smartport type to the interface based on the CDP capabilities advertised by the attaching...

Страница 635: ...e of an attached device When Auto Smartport is enabled on an interface and this command is run the switch automatically applies the corresponding Smartport type to the interface based on the LLDP capabilities advertised by the attaching device s The no format of the command disables the feature Syntax macro auto processing lldp no macro auto processing lldp Parameters N A Default Configuration Ena...

Страница 636: ...t ip_phone ip_phone_desktop switch router or wireless access point ap Default Configuration By default auto detection of ip_phone ip_phone_desktop switch and wireless access point ap is enabled Command Mode Global Configuration Example Example 1 In this example VLANs were de activated because LLDP was disabled console config no macro auto processing lldp console config 10 Apr 2011 16 21 16 LINK W ...

Страница 637: ... to a Smartport type This is done by replacing the link to the built in macro with the link to the user defined macro The no format of the command returns the link to the default built in Smartport macro Syntax macro auto user smartport macro smartport type user defined macro name parameter name value parameter name value parameter name value no macro auto user smartport macro smartport type Param...

Страница 638: ...have defined a pair of macros one to apply the configuration and the other anti macro to remove the configuration The macros are paired by their name The name of the anti macro is the concatenation of no_ with the name of the corresponding macro Please refer to the Macro Command section for details about defining macro Example To link the user defined macro my_ip_phone_desktop to the Smartport typ...

Страница 639: ...e VLAN the default value is the default native VLAN Command Mode Global Configuration User Guidelines By default each Smartport type is associated with a pair of built in macros a macro that applies the configuration and the anti macro no macro to remove the configuration The Smartport types are the same as the name of the corresponding built in Smartport macros with the anti macro prefixed with n...

Страница 640: ...abled ap enabled 43 13 show macro auto smart macros The show macro auto smart macros EXEC mode command displays the name of Smartport macros their type built in or user defined and their parameters This information is displayed for all Smartport types or for the specified one Syntax show macro auto smart macros smartport type Parameters smartport type Smartport type range printer desktop guest ser...

Страница 641: ...ort Macro use switch Smartport type router Parameters native_vlan 2 Smartport Macro router built in 43 14 show macro auto ports The show macro auto ports EXEC mode command displays information about all Smartport ports or a specific one If a macro was run on the port and it failed the type of the port is displayed as Unknown Syntax show macro auto ports interface id Parameters interface id Interfa...

Страница 642: ...ate gi1 disabled enabled switch gi2 enabled enabled default gi3 enabled disabled phone gi4 enabled enabled router static gi5 enabled enabled switch gi6 enabled enabled unknown Example 2 Disabling auto SmartPort on gi2 console config if interface gi2 console config if no macro auto smartport console config if end console show macro auto ports gi2 SmartPort is Enabled Administrative Globally Auto Sm...

Страница 643: ...allowed vlan The smartport switchport trunk allowed vlan Interface Configuration Ethernet port channel mode command adds removes VLANs to from a trunk port Syntax smartport switchport trunk allowed vlan add vlan list all remove vlan list all Parameters add vlan list Specifies a list of VLAN IDs to add to interface Separate nonconsecutive VLAN IDs with a comma and no spaces use a hyphen to designat...

Страница 644: ...gress tagged port remove all Removes the interface from the default VLAN Example To add port 1 to VLANs 1 5 console conf interface gi1 console conf if smartport switchport trunk allowed vlan add 1 5 43 16 smartport switchport trunk native vlan Use the smartport switchport trunk native vlan Interface Configuration Ethernet port channel mode command to define the native VLAN when the interface is in...

Страница 645: ...nk native vlan CLI command Unlike the switchport trunk native vlan CLI command this command may also be applied to the default VLAN when the interface belongs to the default VLAN as egress tagged port Example Define the native VLAN when port 1 is in trunk mode console conf interface gi1 console conf if smartport switchport trunk native vlan 1 ...

Страница 646: ...sable LLDP use the no form of this command Syntax lldp run no lldp run Parameters N A Default Configuration Enabled Command Mode Global Configuration mode Example console config lldp run 44 2 lldp transmit Use the lldp transmit Interface Configuration mode command to enable transmitting LLDP on an interface Use the no form of this command to stop transmitting LLDP on an interface Syntax lldp trans...

Страница 647: ...on the STP state of a port I e LLDP frames are sent on blocked ports If a port is controlled by 802 1x LLDP operates only if the port is authorized Example console config interface gi1 console config if lldp transmit 44 3 lldp receive Use the lldp receive Interface Configuration mode command to enable receiving LLDP on an interface Use the no form of this command to stop receiving LLDP on an inter...

Страница 648: ...authorized Example console config interface gi1 console config if lldp receive 44 4 lldp timer Use the lldp timer Global Configuration mode command to specify how often the software sends LLDP updates Use the no form of this command to restore the default configuration Syntax lldp timer seconds no lldp timer Parameters timer seconds Specifies in seconds how often the software sends LLDP updates ra...

Страница 649: ... LLDP packet hold time interval as a multiple of the LLDP timer value range 2 10 Default Configuration The default LLDP hold multiplier is 4 Command Mode Global Configuration mode User Guidelines The actual Time To Live TTL value of LLDP frames is calculated by the following formula TTL min 65535 LLDP Timer LLDP hold multiplier For example if the value of the LLDP timer is 30 seconds and the value...

Страница 650: ...einit Parameters reinit seconds Specifies the minimum time in seconds an LLDP port waits before reinitializing LLDP transmission Range 1 10 Default Configuration 2 seconds Command Mode Global Configuration mode Example console config lldp reinit 4 44 7 lldp tx delay Use the lldp tx delay Global Configuration mode command to set the delay between successive LLDP frame transmissions initiated by val...

Страница 651: ...less than 0 25 of the LLDP timer interval Example The following example sets the LLDP transmission delay to 10 seconds Console config lldp tx delay 10 44 8 lldp optional tlv Use the lldp optional tlv Interface Configuration Ethernet mode command to specify which optional TLVs are transmitted Use the no form of this command to restore the default configuration Syntax lldp optional tlv tlv tlv2 tlv5...

Страница 652: ...e Specifies that no address is advertised automatic Specifies that the software automatically selects a management address to advertise from all the IP addresses of the product In case of multiple IP addresses the software selects the lowest IP address among the dynamic IP addresses If there are no dynamic addresses the software selects the lowest IP address among the static IP addresses automatic...

Страница 653: ...h port can advertise one IP address Example The following example sets the LLDP management address advertisement mode to automatic on gi2 Console config interface gi2 Console config if lldp management address automatic 44 10 lldp notifications Use the lldp notifications Interface Configuration Ethernet mode command to enable disable sending LLDP notifications on an interface Use the no form of thi...

Страница 654: ...dp notifications interval Use the lldp notifications interval Global Configuration mode command to configure the maximum transmission rate of LLDP notifications Use the no form of this command to return to the default Syntax lldp notifications interval seconds no lldp notifications interval Parameters interval seconds The device does not send more than a single notification in the indicated period...

Страница 655: ...guration LLDP packets are filtered when LLDP is globally disabled Command Mode Global Configuration mode User Guidelines If the STP mode is MSTP the LLDP packet handling mode cannot be set to flooding The STP mode cannot be set to MSTP if the LLDP packet handling mode is flooding If LLDP is globally disabled and the LLDP packet handling mode is flooding LLDP packets are treated as data packets wit...

Страница 656: ...form of this command to return to the default state Syntax lldp med enable tlv tlv4 disable no lldp med Parameters enable Enable LLDP MED tlv Specifies the TLV that should be included Available TLVs are network policy location and poe pse inventory The capabilities TLV is always included if LLDP MED is enabled disable disable LLDP MED on the port Default Configuration Enabled with network policy T...

Страница 657: ...ogy change notifications disable Disables sending LLDP MED topology change notifications Default Configuration Disable is the default Command Mode Interface Configuration Ethernet mode Example The following example enables sending LLDP MED topology change notifications on gi2 Console config interface gi2 Console config if lldp med notifications topology change enable 44 15 lldp med fast start repe...

Страница 658: ...ldp med network policy global Use the lldp med network policy Global Configuration mode command to define a LLDP MED network policy For voice applications it is simpler to use lldp med network policy voice auto The lldp med network policy command creates the network policy which is attached to a port by lldp med network policy interface The network policy defines how LLDP packets are constructed U...

Страница 659: ...g video video signaling vlan vlan id VLAN identifier for the application vlan type Specifies if the application is using a tagged or an untagged VLAN up priority User Priority Layer 2 priority to be used for the specified application dscp value DSCP value to be used for the specified application Default Configuration No network policy is defined Command Mode Global Configuration mode User Guidelin...

Страница 660: ...ed network policy interface Use the lldp med network policy Interface Configuration Ethernet mode command to attach or remove an LLDP MED network policy on a port Network policies are created in lldp med network policy global Use the no form of this command to remove all the LLDP MED network policies from the port Syntax lldp med network policy add remove number no lldp med network policy number P...

Страница 661: ...k policy voice auto A network policy for voice LLDP packets can be created by using the lldp med network policy global The lldp med network policy voice auto Global Configuration mode is simpler in that it uses the configuration of the Voice appliation to create the network policy instead of the user having to manually configure it The lldp med network policy voice auto command generates an LLDP M...

Страница 662: ...igured network policies for the voice application In Auto mode you cannot manually define a network policy for the voice application using the lldp med network policy global command Example console config lldp med network policy voice auto 44 19 clear lldp table Use the clear lldp table command in Privileged EXEC mode to clear the neighbors table for all ports or for a specific port Syntax clear l...

Страница 663: ...ss data Specifies the location data as a civic address in hexadecimal format ecs elin data Specifies the location data as an Emergency Call Service Emergency Location Identification Number ECS ELIN in hexadecimal format data Specifies the location data in the format defined in ANSI TIA 1057 dotted hexadecimal data Each byte in a hexadecimal character string is two hexadecimal digits Bytes are sepa...

Страница 664: ...Parameters interface id Specifies the port ID Default Configuration N A Command Mode Privileged EXEC mode Examples Example 1 Display LLDP configuration for all ports Switch show lldp configuration State Enabled Timer 30 Seconds Hold multiplier 4 Reinit delay 2 Seconds Tx delay 2 Seconds Notifications interval 5 seconds LLDP packets handling Filtering Port State Optional TLVs Address Notifications ...

Страница 665: ...Example 2 Display LLDP configuration for port 1 Switch show lldp configuration gi1 State Enabled Timer 30 Seconds Hold multiplier 4 Reinit delay 2 Seconds Tx delay 2 Seconds Notifications interval 5 seconds LLDP packets handling Filtering Port State Optional TLVs Address Notifications gi1 RX TX PD SN SD SC 72 16 1 1 Disabled 802 3 optional TLVs 802 3 mac phy 802 3 lag 802 3 max frame size 802 1 op...

Страница 666: ...f time as a multiple of the timer interval that the receiving device holds a LLDP packet before discarding it Reinit timer The minimum time interval an LLDP port waits before re initializing an LLDP transmission Tx delay The delay between successive LLDP frame transmissions initiated by value status changes in the LLDP local systems MIB Port The port number State The port s LLDP state Optional TLV...

Страница 667: ...how lldp med configuration Fast Start Repeat Count 4 lldp med network policy voice manual Network policy 1 Application type voiceSignaling VLAN ID 1 untagged Layer 2 priority 0 DSCP 0 Port Capabilities Network Policy Location Notifications Inventory gi1 Yes Yes Yes Enabled Yes gi2 Yes Yes No Enabled No gi3 No No No Enabled No Example 2 The following example displays the LLDP MED configuration for ...

Страница 668: ... the LLDP on all ports or on a specific port Syntax show lldp local tlvs overloading interface id Parameters interface id Specifies a port ID Default Configuration If no port ID is entered the command displays information for all ports Command Mode EXEC mode User Guidelines The command calculates the overloading status of the current LLDP configuration and not for the last LLDP packet that was sen...

Страница 669: ...face id Parameters Interface id Specifies a port ID Default Configuration If no port ID is entered the command displays information for all ports Command Mode Privileged EXEC mode Example The following examples display LLDP information that is advertised from gi1 and 2 Switch show lldp local gi1 Device ID 0060 704C 73FF Port ID gi1 Capabilities Bridge System Name ts 7800 1 System description Port ...

Страница 670: ...ggregated Aggregation status Not currently in aggregation Aggregation port ID 1 802 3 Maximum Frame Size 1522 802 3 EEE Local Tx 30 usec Local Rx 25 usec Remote Tx Echo 30 usec Remote Rx Echo 25 usec 802 1 PVID 1 802 1 PPVID 2 supported enabled 802 1 VLAN 2 VLAN2 802 1 Protocol 88 8E 01 LLDP MED capabilities Network Policy Location Identification LLDP MED Device type Network Connectivity LLDP MED ...

Страница 671: ...Firmware Revision A1 Software Revision 3 8 Serial number 7978399 Manufacturer name Manufacturer Model name Model 1 Asset ID Asset 123 Switch show lldp local gi2 LLDP is disabled 44 25 show lldp statistics Use the show lldp statistics EXEC mode command to display LLDP statistics on all ports or a specific port Syntax show lldp statistics interface id Parameters interface id Specifies a port ID Defa...

Страница 672: ... Port Total Total Discarded Errors Discarded Unrecognized Total gi1 730 850 0 0 0 0 0 gi2 0 0 0 0 0 0 0 gi3 730 0 0 0 0 0 0 gi4 0 0 0 0 0 0 0 gi5 0 0 0 0 0 0 0 gi6 8 7 0 0 0 0 1 gi7 0 0 0 0 0 0 0 gi8 0 0 0 0 0 0 0 gi9 730 0 0 0 0 0 0 gi10 0 0 0 0 0 0 0 44 26 show lldp neighbors Use the show lldp neighbors Privileged EXEC mode command to display information about neighboring devices discovered usin...

Страница 673: ...s Detail is the default parameter Command Mode Privileged EXEC mode User Guidelines A TLV value that cannot be displayed as an ASCII string is displayed as an hexadecimal string Examples Example 1 The following example displays information about neighboring devices discovered using LLDP on all ports Location information if it exists is also displayed Switch show lldp neighbors Port Device ID Port ...

Страница 674: ...Management address 172 16 1 1 Time To Live 90 seconds 802 3 MAC PHY Configuration Status Auto negotiation support Supported Auto negotiation status Enabled Auto negotiation Advertised Capabilities 100BASE TX full duplex 1000BASE T full duplex Operational MAU type 1000BaseTFD 802 3 Power via MDI MDI Power support Port Class PD PSE MDI Power Support Not Supported PSE MDI Power State Not Enabled PSE ...

Страница 675: ...30 usec Local Tx Echo 30 usec Local Rx Echo 25 usec 802 1 PVID 1 802 1 PPVID 2 supported enabled 802 1 VLAN 2 VLAN2 802 1 Protocol 88 8E 01 LLDP MED capabilities Network Policy LLDP MED Device type Endpoint class 2 LLDP MED Network policy Application type Voice Flags Unknown policy VLAN ID 0 Layer 2 priority 0 DSCP 0 LLDP MED Power over Ethernet Device Type Power Device Power source Primary power ...

Страница 676: ...s significant LLDP fields shown in the display Field Description Port The port number Device ID The neighbor device s configured ID name or MAC address Port ID The neighbor device s port ID System name The neighbor device s administratively assigned name Capabilities The capabilities discovered on the neighbor device Possible values are B Bridge R Router W WLAN Access Point T Telephone D DOCSIS ca...

Страница 677: ...tes whether the sender is a Network Connectivity Device or Endpoint Device and if an Endpoint to which Endpoint Class it belongs LLDP MED Network Policy Application type The primary function of the application defined for this network policy Flags Flags The possible values are Unknown policy Policy is required by the device but is currently unknown Tagged VLAN The specified application type is usi...

Страница 678: ...Local power Primary and Local power Power priority The PD device priority A PSE device advertises the power priority configured for the port A PD device advertises the power priority configured for the device The possible values are Critical High and Low Power value The total power in watts required by a PD device from a PSE device or the total power a PSE device is capable of sourcing over a maxi...

Страница 679: ...s are not directly connected and are separated with CDP LLDP incapable devices the CDP LLDP capable devices may be able to receive the advertisement from other device s only if the CDP LLDP incapable devices flood the CDP LLDP packets they receives If the CDP LLDP incapable devices perform VLAN aware flooding then CDP LLDP capable devices can hear each other only if they are in the same VLAN It sh...

Страница 680: ...abled Command Mode Ethernet Interface User Guidelines For CDP to be enabled on an interface it must first be enabled globally using cdp run Example console conf cdp run console conf interface gi1 console conf if cdp enable 45 3 cdp pdu Use the cdp pdu Global Configuration mode command when CDP is not enabled globally It specifies CDP packets handling when CDP is globally disabled The no format of ...

Страница 681: ...ate ignoring the VLAN filtering rules Default Configuration bridging Command Mode Global Configuration mode User Guidelines When CDP is globally enabled CDP packets are filtered discarded on CDP disabled ports In the flooding mode VLAN filtering rules are not applied but STP rules are applied In case of MSTP the CDP packets are classified to instance 0 Example console conf cdp run console conf cdp...

Страница 682: ...dp appliance tlv enable The cdp appliance tlv enable Global Configuration mode command enables sending of the Appliance TLV The no format of this command disables the sending of the Appliance TLV Syntax cdp appliance tlv enable no cdp appliance tlv enable Parameters N A Default Configuration Enabled Command Mode Global Configuration mode User Guidelines This MIB specifies the Voice Vlan ID VVID to...

Страница 683: ...ets are expected to be sent and received untagged without an 802 1p priority 4096 The CDP packets transmitting through this port would not include Appliance VLAN ID TLV or if the VVID is not supported on the port this MIB object will not be configurable and will return 4096 Example console conf cdp appliance tlv enable 45 6 cdp mandatory tlvs validation Use the cdp mandatory tlvs validation Global...

Страница 684: ...no cdp source interface Parameters interface id Source port used for Source IP address selection Default Configuration No CDP source interface is specified Command Mode Global Configuration mode User Guidelines Use the cdp source interface command to specify an interface whose minimal IP address will be advertised in the TVL instead of the minimal IP address of the outgoing interface Example conso...

Страница 685: ...x mismatches from all ports Command Mode Global Configuration mode Ethernet Interface Example console conf interface gi1 console conf if cdp log mismatch duplex 45 9 cdp log mismatch voip Use the cdp log mismatch voip Global and Interface Configuration mode command to enable validating that the VoIP status of the port received in a CDP packet matches its actual configuration If not a SYSLOG messag...

Страница 686: ... Global and Interface Configuration mode command to enable validating that the native VLAN received in a CDP packet matches the actual native VLAN of the port If not a SYSLOG native mismatch message is generated The no format of the CLI command disables the generation of the SYSLOG messages Syntax cdp log mismatch native no cdp log mismatch native Parameters N A Default Configuration The switch re...

Страница 687: ...dp device id format Parameters mac Specifies that the Device ID TLV contains the device s MAC address serial number Specifies that Device ID TLV contains the device s hardware serial number Default Configuration MAC address is selected by default Command Mode Global Configuration mode Example console conf cdp device id format serial number 45 12 cdp timer The cdp timer Global Configuration mode co...

Страница 688: ...0 45 13 cdp holdtime The cdp holdtime Global Configuration mode command specified a value of the Time to Live field into sent CDP messages The no format of this command returns to default Syntax cdp holdtime seconds no cdp timer Parameters seconds Value of the Time to Live field in seconds The value should be bigger than the value of Transmission Timer Parameters range seconds 10 255 Default Confi...

Страница 689: ... Configuration mode command resets the CDP traffic counters to 0 Syntax clear cdp counters Parameters N A Command Mode Global Configuration mode Example console conf clear cdp couters 45 15 clear cdp table The clear cdp table Global Configuration mode command deletes the CDP Cache tables Syntax clear cdp table Parameters N A Command Mode Global Configuration mode ...

Страница 690: ...the advertisements Syntax show cdp Parameters N A Command Mode Privileged EXEC mode Example switch show cdp Global CDP information cdp is globally enabled cdp log duplex mismatch is globally enabled cdp log voice VLAN mismatch is globally enabled cdp log native VLAN mismatch is globally disabled Mandatory TLVs are Device ID TLV 0x0001 Address TLV 0x0002 Port ID TLV 0x0003 Capabilities TLV 0x0004 V...

Страница 691: ...limited to protocol or version information Syntax show cdp entry device name protocol version Parameters Specifies all neighbors device name Specifies the name of the neighbor protocol Limits the display to information about the protocols enabled on neighbors version Limits the display to information about the version of software running on the neighbors Default Configuration Version Command Mode ...

Страница 692: ...SOFTWARE Copyright c 1986 1997 by cisco Systems Inc Compiled Mon 07 Apr 97 19 51 by dschwart Example 2 switch show cdp entry device cisco com protocol Protocol information for device cisco com IP address 192 168 68 18 CLNS address 490001 1111 1111 1111 00 DECnet address 10 1 Example 3 switch show cdp entry device cisco com version Version information for device cisco com Cisco Internetwork Operati...

Страница 693: ...ace id Parameters interface id Port ID Command Mode Privileged EXEC mode Example switch show cdp interface gi1 CDP is globally enabled CDP log duplex mismatch Globally is enabled Per interface is enabled CDP log voice VLAN mismatch Globally is enabled Per interface is enabled CDP log native VLAN mismatch Globally is disabled Per interface is enabled gi1 is Down CDP is enabled Sending CDP packets e...

Страница 694: ...ls hold time and software version secondary Displays information about neighbors from the secondary cache Default Configuration If interface id is not specified the command displays information for neighbors of all ports If detail or secondary are not specified the default is secondary Command Mode Privileged EXEC mode Example switch show cdp neighbors Capability Codes R Router T Trans Bridge B So...

Страница 695: ...eighbors detail Device ID lab 7206 Advertisement version 2 Entry address es IP address 172 19 169 83 Platform cisco 7206VXR Capabilities Router Interface Ethernet0 Port ID outgoing port fa 0 Time To Live 123 sec Version Cisco Internetwork Operating System Software IOS tm 5800 Software C5800 P4 M Version 12 1 2 Copyright c 1986 2002 by Cisco Systems Inc Duplex half Device ID lab as5300 1 Entry addr...

Страница 696: ...50 sec Version P00303020204 Duplex full Power drawn 6 300 Watts switch show cdp neighbors secondary Capability Codes R Router T Trans Bridge B Source Route Bridge S Switch H Host I IGMP r Repeater P VoIP Phone M Remotely Managed Device C CAST Phone Port W Two Port MAC Relay Local Interface Mac Address TimeToLive Capability VLAN ID Platform fa 1 00 00 01 23a 86 9c 157 R S 10 206VXRYC fa 1 00 00 05 ...

Страница 697: ...es such as those with optical ports in which signals from multiple hardware interfaces are multiplexed through a single physical port It contains the name of the external physical port through which the multiplexed signal is transmitted Interface The protocol and port number of the port on the current device IP Network Prefix It is used by On Demand Routing ODR When transmitted by a hub router it ...

Страница 698: ...r supplied by the routing device generally 5 watts shown using the show power command Protocol Hello Specifies that a particular protocol has asked CDP to piggyback its hello messages within transmitted CDP packets Remote Port_ID Identifies the port the CDP packet is sent on sysName An ASCII string containing the same value as the sending device s sysName MIB object sysObjectID The OBJECT IDENTIFI...

Страница 699: ...rts if not specified Information for a port is displayed if only CDP is really running on the port i e CDP is enabled globally and on the port which is UP Examples Example 1 In this example CDP is disabled and no information is displayed switch show cdp tlv cdp globally is disabled Example 2 In this example CDP is globally enabled but disabled on the port and no information is displayed switch sho...

Страница 700: ...ce C CAST Phone Port W Two Port MAC Relay Interface TLV gi3 CDP is enabled on gi3 Ethernet gi3 is down Example 4 In this example CDP is globally enabled and enabled on the port which is up and information is displayed switch show cdp tlv interface gi1 cdp globally is enabled Capability Codes R Router T Trans Bridge B Source Route Bridge S Switch H Host I IGMP r Repeater P VoIP Phone M Remotely Man...

Страница 701: ...ation is displayed for all ports on which CDP is enabled who are up switch show cdp tlv interface cdp globally is enabled Capability Codes R Router T Trans Bridge B Source Route Bridge S Switch H Host I IGMP r Repeater P VoIP Phone M Remotely Managed Device C CAST Phone Port W Two Port MAC Relay Interface TLV gi1 CDP is enabled Ethernet gi1 is up Device ID TLV type is MAC address Value is 00 11 22...

Страница 702: ...wn 45 21 show cdp traffic The show cdp traffic Privileged EXEC mode command displays the CDP counters including the number of packets sent and received and checksum errors Syntax show cdp traffic Parameters N A Command Mode Privileged EXEC mode Example switch show cdp traffic CDP counters Total packets output 81684 Input 81790 Hdr syntax 0 Chksum error 0 Encaps 0 No memory 0 Invalid packet 0 CDP v...

Страница 703: ...e checksum verifying operation failed on incoming CDP advertisements No memory The number of times the local device did not have enough memory to store the CDP advertisements in the advertisement cache table when the device was attempting to assemble advertisement packets for transmission and parse them when receiving them Invalid The number of invalid CDP advertisements received CDP version 1 adv...

Страница 704: ...Revision History 78 20269 01 Command Line Interface Reference Guide 935 4 46 Revision History Revision Date Comments 1 0 June 14 2011 Draft ...

Страница 705: ...Revision History 78 20269 01 Command Line Interface Reference Guide 936 4 ...

Страница 706: ... and or its affiliates in the U S and other countries A listing of Cisco s trademarks can be found at www cisco com go trademarks Third party trademarks mentioned are the property of their respective owners The use of the word partner does not imply a partnership relationship between Cisco and any other company 1005R ...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды